High severity7.5NVD Advisory· Published Jun 1, 2026

CVE-2026-40964

Description

Cloud Foundry cf-auth-proxy allows unauthenticated remote attackers to read all logs and metrics by forging a JWT.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cloud Foundry cf-auth-proxy allows unauthenticated remote attackers to read all logs and metrics by forging a JWT.

Vulnerability

An authentication bypass vulnerability exists in cf-auth-proxy within Cloud Foundry Foundation installations. This flaw allows an unauthenticated remote attacker to gain read access to all logs and metrics for every application and platform component. The vulnerability is present in log-cache_release versions through v3.2.6 and CF Deployment versions through v55.?.0 [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by minting a JSON Web Token (JWT) that the cf-auth-proxy will accept as a valid logs.admin token. No user interaction or special network positioning is required for exploitation [1].

Impact

Successful exploitation grants the attacker read access to all logs and metrics for every application and platform component within the Cloud Foundry environment. This represents a significant information disclosure, potentially revealing sensitive operational data and application behavior [1].

Mitigation

Users are strongly encouraged to upgrade log-cache_release to v3.2.7 or later, or CF Deployment to v55.?.0 or later, as these versions contain the fix. CF Deployment v55.?.0 and later bundles the patched log-cache_release v3.2.7 [1].

References

CVE-2026-40964 - Read access to CF logs | Cloud Foundry

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cloudfoundry/cf-auth-proxyllm-create
Range: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later
Cloudfoundry/log-cache_releasellm-create
Range: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later
Cloudfoundry/Cf Deploymentllm-fuzzy
Range: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.cloudfoundry.org/blog/cve-2026-40964-read-access-to-cf-logs/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000