High severity 8.6 · NVD Advisory · Published Apr 17, 2026 · Updated Apr 17, 2026
CVE-2026-22734
Description
Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. The vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, because UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UAA from v77.30.0 to v78.7.0 (inclusive) and CF Deployment from v48.7.0 to v54.14.0 (inclusive).
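A structural gate for the condition described above, as an added example (not UAA's code and not the project's fix): it classifies a decoded bearer assertion by whether it carries an enveloped signature or is encrypted, so unprotected assertions can be rejected or flagged before further processing. The function name, result labels and sample documents are constructed for illustration, and passing this gate is not signature verification.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

def classify_assertion(xml_text: str) -> str:
    """Return 'signature-present', 'encrypted', 'unprotected' or 'malformed'.

    Structural check only. A 'signature-present' result must still be verified
    cryptographically against the trusted IdP key before the subject is used.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return "malformed"  # SAML messages carry no DTD; refuse before parsing
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "malformed"
    if root.tag == f"{{{SAML}}}EncryptedAssertion":
        return "encrypted"
    if root.tag != f"{{{SAML}}}Assertion":
        return "malformed"
    assertion_id = root.get("ID")
    # Only a Signature that is a direct child of the Assertion and references
    # its ID counts; one nested deeper (e.g. inside Advice) does not cover it.
    for sig in root.findall(f"{{{DSIG}}}Signature"):
        ref = sig.find(f"{{{DSIG}}}SignedInfo/{{{DSIG}}}Reference")
        if ref is not None and assertion_id and ref.get("URI") == f"#{assertion_id}":
            return "signature-present"
    return "unprotected"

# Constructed sample documents (not captured traffic).
def _assertion(inner: str) -> str:
    return (f'<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DSIG}" ID="_a1" Version="2.0">'
            f'<saml:Issuer>https://idp.example.test</saml:Issuer>{inner}'
            '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>')

SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
       '<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>')
UNSIGNED = _assertion("")
SIGNED = _assertion(SIG)
NESTED = _assertion(f"<saml:Advice>{SIG}</saml:Advice>")
ENCRYPTED = f'<saml:EncryptedAssertion xmlns:saml="{SAML}"/>'

if __name__ == "__main__":
    for name in ("UNSIGNED", "SIGNED", "NESTED", "ENCRYPTED"):
        print(name, "->", classify_assertion(globals()[name]))
```

The standard-library parser keeps the example stand-alone; a production gate would use a hardened XML parser and a full XML signature implementation.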
Affected products
- Range: >=77.30.0, <=78.7.0