PT-2026-23516 · Unknown · Cloud Foundry Uaa+1

Published: 2026-03-05 · Updated: 2026-05-10 · CVE-2026-22723

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cloudfoundry UAA versions 77.30.0 through 78.7.0
Cloudfoundry Deployment versions 48.7.0 through 54.10.0

Description

A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue affects the token revocation process. The vulnerable component is the token revocation endpoint.

Recommendations

Update Cloudfoundry UAA to a version later than 78.7.0.
Update Cloudfoundry Deployment to a version later than 54.10.0.

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2026-22723
GHSA-6WCW-R64P-QRRW

Affected Products

Cloudfoundry Deployment
Cloud Foundry Uaa