Severity
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (7.5)
Vendor
Cloud Foundry Foundation
Versions Affected
- Capi Release: 1.226.0 and below
- CF Deployment: v54.9.0 and below
Description
An attacker with access to the Cloud Foundry internal network could potentially inject malicious code into a CF application environment by replacing droplets.
Affected Cloud Foundry Products and Versions
*Severity is high unless otherwise noted.
- capi_release
  - 1.226.0 and below (inclusive)
- CF Deployment
  - v54.9.0 and below (inclusive)
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- capi_release
  - Upgrade capi_release versions to v1.227.0 or greater
- CF Deployment
  - Upgrade cf-deployment version to v54.10.0 or greater
Credit
Found and reported by SAP
History
Mar 17, 2026: Initial vulnerability report published
