Skip to main content

Cloud Foundry CVE-2026-22727

| EUVDEUVD-2026-12667 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-03-17 vmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 17, 2026 - 23:02 euvd
EUVD-2026-12667
Analysis Generated
Mar 17, 2026 - 23:02 vuln.today
CVE Published
Mar 17, 2026 - 22:45 nvd
HIGH 7.5

DescriptionCVE.org

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information.

AnalysisAI

Cloud Foundry CAPI Release contains unprotected internal endpoints that allow attackers who have bypassed perimeter firewall controls to replace application droplets and access sensitive application data. The vulnerability affects Cloud Foundry CAPI Release version 1.226.0 and earlier, and CF Deployment version 54.9.0 and earlier across all platforms. This is an authentication bypass issue (CWE-306) with a CVSS score of 7.5, requiring adjacent network access and high attack complexity but no privileges or user interaction.

Technical ContextAI

Cloud Foundry is a multi-cloud platform-as-a-service (PaaS) application deployment and orchestration system. The vulnerability exists in the Cloud Application Programming Interface (CAPI) Release component, specifically affecting versions 1.226.0 and below (CPE: cpe:2.3:a:cloudfoundry:cloud_foundry:*:*:*:*:*:*:*:*). The root cause is CWE-306 (Missing Authentication for Critical Function), meaning internal API endpoints that control application droplet management lack proper authentication controls. In Cloud Foundry, droplets are the compiled, ready-to-run artifacts of applications; the ability to replace these without authentication allows complete application compromise. The vulnerability assumes the attacker has already bypassed perimeter firewall protections, placing them in an adjacent network position where they can reach these internal endpoints.

RemediationAI

Upgrade Cloud Foundry CAPI Release to version 1.227.0 or later and Cloud Foundry Deployment to version 54.10.0 or later, following guidance in the official Cloud Foundry security advisory at https://www.cloudfoundry.org/blog/cve-2026-22727-unprotected-internal-endpoints. As an interim mitigation while patching is scheduled, implement strict network segmentation to ensure internal CAPI endpoints are not accessible from untrusted network zones, deploy additional authentication controls such as mutual TLS for internal API communications, and monitor for unauthorized access attempts to droplet management endpoints. Review and harden firewall rules to minimize the risk of firewall bypass attacks that would enable exploitation of this vulnerability.

CVE-2016-5006 CRITICAL
9.8 May 02

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers

CVE-2016-6637 CRITICAL
9.6 Sep 30

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7

CVE-2016-4468 HIGH
8.8 Apr 11

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3

CVE-2016-6651 HIGH
8.8 Sep 30

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and

CVE-2019-1003025 HIGH
8.8 Feb 20

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCl

CVE-2016-6659 HIGH
8.1 Dec 23

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh

CVE-2016-3084 HIGH
8.1 May 25

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions,

CVE-2017-4960 HIGH
7.5 Mar 10

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and

CVE-2016-0781 MEDIUM
6.1 May 25

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0

CVE-2016-5016 MEDIUM
5.9 Apr 24

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 1

CVE-2016-6636 MEDIUM
5.3 Sep 30

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3

Share

CVE-2026-22727 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy