Platform: linux
Component: cloudfoundry-uaa
Fixed in: 78.8.1
CVE-2026-22734 describes a critical authentication bypass vulnerability in Cloud Foundry UAA. The flaw allows an attacker to obtain tokens for any user, granting unauthorized access to every system protected by UAA. It affects UAA versions 77.21.0 through 78.8.0 and, consequently, Cloud Foundry deployments from v48.7.0 to v54.14.0. A fix is available in version 78.8.1.
The impact of CVE-2026-22734 is severe. An attacker exploiting it can impersonate any user within the Cloud Foundry environment, which allows them to access sensitive data, modify configurations and potentially compromise the entire system. Because UAA accepted SAML 2.0 bearer assertions that were neither signed nor encrypted, an attacker had a direct path to forge assertions that UAA would exchange for valid tokens. The bypass circumvents the standard authentication mechanisms entirely, which is what makes it particularly dangerous. Successful exploitation could lead to complete system takeover and data exfiltration, as with other authentication bypass vulnerabilities.
CVE-2026-22734 was publicly disclosed on 2026-04-16. No public proof-of-concept (PoC) had been released as of this writing, but the nature of the vulnerability and its ease of exploitation suggest a medium probability of exploitation (EPSS score likely medium). The vulnerability is not currently listed in the CISA KEV catalog. Active campaigns targeting Cloud Foundry environments should be monitored closely.
Exploit Status
EPSS: 0.01% (3% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-22734 is to upgrade Cloud Foundry UAA to version 78.8.1 or later. If an immediate upgrade is not possible, disabling SAML 2.0 bearer assertions is a temporary workaround: it prevents the vulnerability from being exploited but may affect legitimate users that rely on SAML authentication. Review UAA client configurations to ensure that SAML assertions are properly signed and encrypted. Monitor UAA logs for suspicious activity, particularly around SAML authentication attempts. After upgrading, confirm the fix by attempting to authenticate with an unsigned SAML 2.0 bearer assertion and verifying that it is rejected.
Update Cloud Foundry UAA to version 78.8.1 or later to mitigate the vulnerability. This update fixes the issue by requiring the signing of SAML 2.0 bearer assertions, preventing unauthorized access to UAA-protected systems.
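The two checks above (is a deployment inside the affected UAA version range, and does a SAML 2.0 bearer assertion actually carry a signature before it is accepted) can be scripted. The following is an added example and is not Cloud Foundry or UAA code; the assertion documents are constructed inputs, the signature value inside the "signed" sample is a placeholder rather than a real signature, and the function and constant names are this example's own. The structural check only establishes that an enveloped ds:Signature with a non-empty SignatureValue is present on the Assertion element, which is the precondition the fix enforces; a receiver must still verify that signature cryptographically against the trusted identity provider's key.

```python
"""Defender-side checks around CVE-2026-22734 (added example, not UAA code).

uaa_version_affected(): is a UAA version inside the advisory's affected
range 77.21.0 .. 78.8.0 (inclusive)?
assertion_is_signed(): does a SAML 2.0 assertion carry an enveloped XML
Signature with a non-empty SignatureValue? Unsigned assertions must be
refused before any further processing; the signature itself still has to be
verified by a real XML-DSig library, which this structural check does not do.
"""
import xml.etree.ElementTree as ET  # use defusedxml in production for untrusted XML

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Affected range and fix version as stated in the advisory.
AFFECTED_FROM = (77, 21, 0)
AFFECTED_TO = (78, 8, 0)
FIXED = (78, 8, 1)


def parse_version(version: str) -> tuple:
    """Turn '78.8.1' into (78, 8, 1); anything but MAJOR.MINOR.PATCH is rejected."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {version!r}")
    return parts


def uaa_version_affected(version: str) -> bool:
    """True if the given UAA version is inside the affected range (inclusive)."""
    return AFFECTED_FROM <= parse_version(version) <= AFFECTED_TO


def assertion_is_signed(xml_text: str) -> bool:
    """True only if the <saml:Assertion> has a direct <ds:Signature> child
    whose <ds:SignatureValue> is non-empty. A signature anywhere else in the
    document does not count: for the bearer grant the assertion is the payload.
    """
    root = ET.fromstring(xml_text.strip())
    assertion = root if root.tag == f"{{{SAML_NS}}}Assertion" else root.find(f".//{{{SAML_NS}}}Assertion")
    if assertion is None:
        return False
    sig = assertion.find(f"{{{DS_NS}}}Signature")  # direct child only
    if sig is None:
        return False
    value = sig.find(f"{{{DS_NS}}}SignatureValue")
    return value is not None and bool((value.text or "").strip())


# Constructed sample assertions (not captured from any real system).
UNSIGNED_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example01" Version="2.0" IssueInstant="2026-04-16T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
</saml:Assertion>
"""

SIGNED_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_example02" Version="2.0" IssueInstant="2026-04-16T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_example02"/></ds:SignedInfo>
    <ds:SignatureValue>UExBQ0VIT0xERVI=</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
</saml:Assertion>
"""

# Signature element present but empty: still unsigned for our purposes.
EMPTY_SIGNATURE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_example03" Version="2.0" IssueInstant="2026-04-16T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <ds:Signature><ds:SignatureValue> </ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
</saml:Assertion>
"""

if __name__ == "__main__":
    for v in ("77.20.9", "77.21.0", "78.8.0", "78.8.1"):
        print(f"UAA {v}: {'AFFECTED' if uaa_version_affected(v) else 'not affected'}")
    for name, doc in (("unsigned", UNSIGNED_ASSERTION), ("signed", SIGNED_ASSERTION),
                      ("empty signature", EMPTY_SIGNATURE_ASSERTION)):
        print(f"{name}: {'accept for verification' if assertion_is_signed(doc) else 'REJECT'}")
```

Run the script as-is to see the three constructed assertions classified; only the structurally signed one is passed on for verification, the other two are rejected outright, which is the behaviour an upgraded UAA should show when the post-upgrade test in the mitigation section is performed.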
CVE-2026-22734 is a HIGH severity vulnerability in Cloud Foundry UAA allowing attackers to obtain tokens for any user due to improperly handled SAML 2.0 bearer assertions, impacting authentication and system access.
You are affected if you are running Cloud Foundry UAA versions 77.21.0 through 78.8.0, or Cloud Foundry deployments from v48.7.0 to v54.14.0.
Upgrade Cloud Foundry UAA to version 78.8.1 or later. As a temporary workaround, disable SAML 2.0 bearer assertions.
While no public PoC exists, the vulnerability's nature suggests a medium probability of exploitation, and active monitoring is recommended.
Refer to the official Cloud Foundry security advisory for detailed information and updates: [https://www.cloudfoundry.org/security-advisories/](https://www.cloudfoundry.org/security-advisories/)