Medium severity 6.5 · NVD Advisory · Published Mar 5, 2026 · Updated May 10, 2026
CVE-2026-22723
Description
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) | >= 77.30.0, < 78.8.0 | 78.8.0 |
Affected products
- cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:* Range: >48.7.0,<=54.11.0
- ghsa-coords Range: >= 77.30.0, < 78.8.0
- Range: 77.30.0
References
- github.com/advisories/GHSA-6wcw-r64p-qrrw (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-22723 (ghsa: ADVISORY)
- www.cloudfoundry.org/blog/cve-2026-22723-uaa-user-token-revocation/ (nvd: Mitigation, Vendor Advisory)
- github.com/cloudfoundry/uaa/commit/74c88235b5bc6e61752624700e91f61fd724dfcd (ghsa: WEB)
- github.com/cloudfoundry/uaa/releases/tag/v78.8.0 (ghsa: WEB)
- www.cloudfoundry.org/blog/cve-2026-22723-uaa-user-token-revocation (ghsa: WEB)