Cloud Foundry Logo

Cloud Foundry Blog: Cloud Foundry Foundation Security Team

CVE-2026-41859 – Missing TLS in NATS sync
Security Advisory

CVE-2026-41859 – Missing TLS in NATS sync

CVE-2026-41858 – Brute forceable windows admin creds
Security Advisory

CVE-2026-41858 – Brute forceable windows admin creds

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes
Security Advisory

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes

CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes
Security Advisory

CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes

CVE-2026-40964 – Read access to CF logs
Security Advisory

CVE-2026-40964 – Read access to CF logs

CVE-2026-22726 – Route Services Firewall Bypass
Security Advisory

CVE-2026-22726 – Route Services Firewall Bypass

CVE-2026-22734 – UAA SAML 2.0 Signature Bypass
Security Advisory

CVE-2026-22734 – UAA SAML 2.0 Signature Bypass

CVE-2026-22727 – Unprotected internal endpoints
Security Advisory

CVE-2026-22727 – Unprotected internal endpoints

CVE-2026-22723 – UAA User Token Revocation
Security Advisory

CVE-2026-22723 – UAA User Token Revocation

CVE-2025-22246 – UAA Private Key Exposure
Security Advisory

CVE-2025-22246 – UAA Private Key Exposure