Christian Schubert

**Name of the Vulnerable Software and Affected Versions** Cloud Foundry versions prior to 40.17.0 **Description** The issue is related to a security check loophole in the HAProxy release when used in combination with the routing release in Cloud Foundry. This might allow an attacker to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. The vulnerability is associated with the HAProxy component and can be exploited by spoofing, potentially allowing a remote attacker to bypass authentication checks. **Recommendations** For Cloud Foundry versions prior to 40.17.0, update to version 40.17.0 or later to resolve the issue. As a temporary workaround, consider disabling the route-services in routing-release or reconfiguring the haproxy-boshrelease property `ha proxy.forwarded client cert` to a value other than `forward only if route service` until a patch is applied.