CVE-2026-22727 HIGH

CVE-2026-22727: Cloud Foundry unprotected internal endpoints

Vendor Cloudfoundry
Product Cloud Foundry
Weakness CWE-306 · Missing auth
Published March 17, 2026
Last update March 19, 2026

CVSS base score

7.5/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Unprotected internal endpoints in Cloud Foundry CAPI Release 1.226.0 and below, and CF Deployment v54.9.0 and below, on all platforms allow any user who has bypassed the firewall to potentially replace droplets, and therefore applications, giving them access to secure application information.

Key dates

02 Disclosure timeline

March 17, 2026 CVE published
March 19, 2026 Record updated