
Cloud Foundry log-cache EUVD-2026-33765

CVE-2026-40964 HIGH
Improper Authentication (CWE-287)
2026-06-01 · vmware · GHSA-9cjf-w9mw-93r3
7.5 (CVSS 3.1 · NVD)

Severity by source

NVD (primary): 7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

Lifecycle Timeline

1. Analysis Generated: Jun 01, 2026 - 22:16 (vuln.today)

Description (CVE.org)

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token.

Affected versions:

  • log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later
  • CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)

Analysis (AI)

Authentication bypass in Cloud Foundry's cf-auth-proxy (log-cache_release through v3.2.6) lets a remote unauthenticated attacker mint a JWT that the proxy accepts as a valid logs.admin token, granting read access to every application and platform-component log and metric across the foundation. CVSS 7.5 with AV:N/AC:L/PR:N reflects trivially reachable, network-based exploitation; no public exploit has been identified at the time of analysis, but the CVSS vector includes E:P, indicating proof-of-concept maturity per the issuing CNA (VMware).


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Identify reachable log-cache endpoint
  • Delivery: Mint forged JWT with logs.admin claim
  • Exploit: Submit token to cf-auth-proxy
  • Install: Proxy accepts token as valid admin
  • C2: Query log-cache API for all apps and components
  • Execute: Exfiltrate logs and metrics
  • Impact: Harvest secrets for follow-on compromise

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the cf-auth-proxy fronting log-cache in a Cloud Foundry foundation running log-cache_release at or below v3.2.6 (or a CF Deployment that bundles it). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS vector AV:N/AC:L/PR:N/UI:N paints a worst-case access profile: network-reachable, low complexity, no authentication, no user interaction - anyone who can reach the log-cache endpoint can attempt exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with network reachability to the log-cache endpoint crafts a JWT that the cf-auth-proxy mistakenly accepts as carrying the logs.admin scope, then issues standard log-cache API queries to stream logs and metrics for every application and platform component in the foundation. The attacker harvests credentials, API tokens, internal URLs, and request payloads from log lines, then pivots to higher-impact compromise against the discovered systems. …

Remediation: Vendor-released patch: log-cache_release v3.2.7 (bundled in the corresponding fixed CF Deployment release). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

24 hours: Identify and inventory all Cloud Foundry environments running log-cache_release v3.2.6 or earlier; implement immediate network-level isolation of cf-auth-proxy to trusted networks only. …



EUVD-2026-33765 vulnerability details – vuln.today
