Cloudfoundry Foundation Cf Deployment vulnerabilities
2 known vulnerabilities affecting cloudfoundry_foundation/cf_deployment.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-41013 | P3 | HIGH | CVSS 8.1 | CWE-88 | fixed in 56.0.0 | 2026-06-01
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant Diego cells.
Affected versions:
smb-volume-release: All
Source: NVD
CVE-2026-22726 | P4 | MEDIUM | CVSS 5.0 | CWE-923 | ≥ v0.0.2, < v55.0.0 | 2026-05-01
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had
Source: NVD