Severity
8.8 / High (CVSS v4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N
8.6 / High (CVSS v3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vendor
CloudFoundry Foundation
Description
Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to an authentication bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. The vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, because the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted.
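The following Python pre-check is an added illustration, not UAA's code and not the fix shipped in the patched releases: it shows the gate that the affected versions lacked, rejecting an assertion submitted in the `assertion` field of a saml2-bearer grant (RFC 7522) unless it is signed or encrypted. The namespace constants, function names and sample assertions are constructed for this example; cryptographic verification of the signature is outside the snippet and must be done by a SAML library.

```python
import base64
import xml.etree.ElementTree as ET  # on untrusted input use defusedxml, which mirrors this API

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def decode_assertion_param(param: str) -> ET.Element:
    # RFC 7522 carries the assertion base64url-encoded (padding optional) in the "assertion" field.
    return ET.fromstring(base64.urlsafe_b64decode(param + "=" * (-len(param) % 4)))

def precheck_bearer_assertion(root: ET.Element) -> tuple[bool, str]:
    # Structural gate only: returns (accepted, reason). Passing it is not authentication; the
    # caller must still verify ds:Signature (or decrypt) with the configured IdP key and
    # enforce Conditions/NotOnOrAfter before issuing any token.
    if root.tag == SAML + "EncryptedAssertion":
        if root.find(XENC + "EncryptedData") is None:
            return False, "EncryptedAssertion carries no EncryptedData"
        return True, "encrypted: decrypt, then re-run this check on the inner Assertion"
    if root.tag != SAML + "Assertion":
        return False, "not a SAML 2.0 Assertion"
    # The gap in the affected UAA versions: an Assertion with no ds:Signature was accepted.
    if root.find(DSIG + "Signature") is None:
        return False, "assertion is neither signed nor encrypted"
    if root.find(f"{SAML}Subject/{SAML}SubjectConfirmation[@Method='{BEARER}']") is None:
        return False, "no bearer SubjectConfirmation"
    return True, "signed: verify ds:Signature against the IdP certificate"

def check_param(param: str) -> tuple[bool, str]:
    # Decode then gate; malformed input is a rejection, not an exception for the caller.
    try:
        return precheck_bearer_assertion(decode_assertion_param(param))
    except (ValueError, ET.ParseError) as exc:
        return False, f"undecodable assertion: {exc}"

# Constructed samples, not real IdP output; the "signed" one carries only a placeholder ds:Signature.
_HEAD = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_1" Version="2.0">'
         '<saml:Issuer>https://idp.example.test</saml:Issuer>')
_BODY = ('<saml:Subject><saml:NameID>alice</saml:NameID><saml:SubjectConfirmation '
         'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject></saml:Assertion>')
UNSIGNED_PARAM = base64.urlsafe_b64encode((_HEAD + _BODY).encode()).decode().rstrip("=")
SIGNED_PARAM = base64.urlsafe_b64encode(
    (_HEAD + "<ds:Signature>placeholder</ds:Signature>" + _BODY).encode()).decode().rstrip("=")

if __name__ == "__main__":
    for name, p in (("unsigned", UNSIGNED_PARAM), ("signed", SIGNED_PARAM)):
        print(name, check_param(p))  # unsigned -> rejected, signed -> passes the gate
```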
Versions Affected
*Severity is high unless otherwise noted.
- uaa_release
  - All versions from v77.30.0 to v78.7.0 (inclusive)
- CF Deployment
  - All versions from v48.7.0 to v54.14.0 (inclusive)
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- uaa_release
  - Upgrade uaa_release versions to v78.9.0 or greater
- CF Deployment
  - Upgrade cf-deployment version to v55.0.0 or greater
    - Includes uaa_release v78.10.0
Credit
Self reported by the UAA Cloud Foundry team
History
April 6th 2026: Initial vulnerability report published
