CVE-2026-22734 (HIGH, CVSS 8.6, EPSS percentile 28.1%)

Description

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UAA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive).

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.36% probability of exploitation · percentile 28.1% · 2026-06-19T12:03:05Z
Published: 2026-04-17
Last modified: 2026-04-17

Underlying weaknesses (1)

CWE-290

References

  1. https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/


Type      | Target                              | ID      | Confidence | Tier
Weakness  | Authentication Bypass by Spoofing   | CWE-290 | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-40965
  2. CVE-2026-40964
  3. CVE-2026-22733
  4. CVE-2026-23552
  5. Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability (CVE)
  6. CVE-2026-7571

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.