Route Services Vulnerability in Cloud Foundry by Pivotal
CVE-2026-22726

5 MEDIUM

What is CVE-2026-22726?

The vulnerability allows route services in Cloud Foundry to improperly send application traffic to network destinations outside of the established egress settings. This may enable a malicious developer with access to the system to configure a harmful route service that redirects requests to internal HTTP services that were not designed to be exposed to outside networks. Systems running affected versions of the routing and deployment releases must be updated to mitigate the improper routing behavior and improve overall network security.

Affected Version(s)

CF Deployment v0.0.2

Routing release v0.118.0

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
