CVE-2026-22723 — Uaa-release vulnerability

5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 82.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Uaa-release Cloudfoundry Foundation UAA Cloudfoundry Cf-deployment

Timeline

PublishedMar 5

Description

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcloudfoundry/cf-deployment54.11.0

▶NVDcloudfoundry/uaa-release77.30.0 — 78.8.0

▶CVEListV5cloudfoundry_foundation/uaa77.30.0 — v78.7.0

🔴Vulnerability Details

OSV

Cloudfoundry UAA has logic error in the token revocation endpoint implementation↗2026-03-05

▶

CVEList

UAA User Token Revocation logic error↗2026-03-05

▶

GHSA

Cloudfoundry UAA has logic error in the token revocation endpoint implementation↗2026-03-05

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22723 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶