CVE-2026-22734
Received Received - Intake
SAML Assertion Bypass in Cloud Foundry UAA Enables Unauthorized Access

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: VMware

Description
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UUA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22734
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cloud_foundry uua From 77.30.0 (inc) to 78.7.0 (inc)
cloud_foundry cf_deployment From 48.7.0 (inc) to 54.14.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Cloud Foundry UUA when SAML 2.0 bearer assertions are enabled for a client. The issue arises because the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted, allowing an attacker to bypass normal authentication controls.

As a result, an attacker can obtain a token for any user, which grants unauthorized access to systems protected by UAA.

Impact Analysis

The vulnerability allows an attacker to impersonate any user by obtaining their token without proper authentication.

  • Unauthorized access to UAA-protected systems.
  • Potential exposure of sensitive data due to compromised user tokens.
  • Increased risk of privilege escalation and unauthorized actions within the affected environment.
Compliance Impact

This vulnerability allows an attacker to obtain a token for any user and gain unauthorized access to UAA-protected systems by exploiting the acceptance of unsigned and unencrypted SAML 2.0 bearer assertions.

Such unauthorized access can lead to exposure of sensitive personal or protected health information, potentially violating data protection requirements under standards like GDPR and HIPAA.

Therefore, this vulnerability could negatively impact compliance with these regulations by compromising confidentiality and access controls mandated by them.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart