CVE-2026-22723 MEDIUM

CVE-2026-22723: UAA User Token Revocation logic error

Vendor Cloudfoundry Foundation
Product UAA
Published March 5, 2026
Last update May 10, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

Key dates

02 Disclosure timeline

March 5, 2026 CVE published
May 10, 2026 Record updated