Cloud Foundry Foundation Cf Deployment vulnerabilities
2 known vulnerabilities affecting cloud_foundry_foundation/cf_deployment.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-40965 | P2 | CRITICAL | CVSS 10.0 | CWE-200 | versions ≥ 30.0.0, < 56.1.0 | 2026-06-01
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes priv
Source: NVD
CVE-2026-40964 | P3 | HIGH | CVSS 7.5 | CWE-287 | versions ≥ 12.44.0, ≤ 55.2.0 | 2026-06-01
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token.
Affected versions:
- log-cache_release: all versions throu
Source: NVD