CVE-2026-22723
published 2026-03-05
Priority: P432 · medium · 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.22% (13.0th percentile)
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudfoundry | cf-deployment | <= 54.11.0 | — |
| cloudfoundry | uaa-release | >= 77.30.0 < 78.8.0 | 78.8.0 |
| cloudfoundry_foundation | uaa | 77.30.0 – v78.7.0 | — |
OSV
Cloudfoundry UAA has logic error in the token revocation endpoint implementation
osv·2026-03-05
CVE-2026-22723 [MEDIUM] Cloudfoundry UAA has logic error in the token revocation endpoint implementation
GHSA
Cloudfoundry UAA has logic error in the token revocation endpoint implementation
ghsa·2026-03-05
CVE-2026-22723 [MEDIUM] Cloudfoundry UAA has logic error in the token revocation endpoint implementation
No detection rules found.
No public exploits indexed.
2026-03-05
Published