PT-2026-25958 · Cloud Foundry · Cf-Deployment+1
Published: 2026-03-17 · Updated: 2026-03-18
CVE-2026-22727
CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Capi versions 1.226.0 and earlier
CF Deployment versions v54.9.0 and earlier
Description
The presence of unprotected internal endpoints in Cloud Foundry allows a user who has bypassed the firewall to potentially replace droplets and, consequently, applications. This access could lead to the exposure of secure application information. The affected components are Cloud Foundry Capi Release 1.226.0 and versions prior, and CF Deployment v54.9.0 and versions prior, across all platforms. A droplet is a packaged application ready for deployment.
Recommendations
Update Cloud Foundry Capi to a version later than 1.226.0.
Update CF Deployment to a version later than v54.9.0.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Cf-Deployment
Cloud Foundry Capi