cbcvebase.
CVE-2026-22723
published 2026-03-05

CVE-2026-22723: Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in…

Priority: P4 · 32 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.22% (13.0th percentile)

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

Affected

3 ranges
Vendor                    Product         Version range          Fixed in
cloudfoundry              cf-deployment   <= 54.11.0
cloudfoundry              uaa-release     >= 77.30.0 < 78.8.0    78.8.0
cloudfoundry_foundation   uaa             77.30.0 – v78.7.0