Skip to main content

Uua

1 CVEs product

Monthly

CVE-2026-22734 HIGH This Week

Authentication bypass in Cloud Foundry UAA allows remote unauthenticated attackers to obtain access tokens for arbitrary users when SAML 2.0 bearer assertions are enabled, leading to unauthorized access to all UAA-protected systems. Affects UAA versions 77.30.0 through 78.7.0 and CF Deployment versions 48.7.0 through 54.14.0. The vulnerability stems from acceptance of unsigned and unencrypted SAML 2.0 assertions (CWE-290: Authentication Bypass by Spoofing), enabling complete authentication mechanism bypass with network access and low attack complexity (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, but the technical details disclosed in the vendor blog create high weaponization potential.

Authentication Bypass Uua
NVD
CVSS 3.1
8.6
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH This Week

Authentication bypass in Cloud Foundry UAA allows remote unauthenticated attackers to obtain access tokens for arbitrary users when SAML 2.0 bearer assertions are enabled, leading to unauthorized access to all UAA-protected systems. Affects UAA versions 77.30.0 through 78.7.0 and CF Deployment versions 48.7.0 through 54.14.0. The vulnerability stems from acceptance of unsigned and unencrypted SAML 2.0 assertions (CWE-290: Authentication Bypass by Spoofing), enabling complete authentication mechanism bypass with network access and low attack complexity (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, but the technical details disclosed in the vendor blog create high weaponization potential.

Authentication Bypass Uua
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy