CVE-2026-40965
Awaiting Analysis Awaiting Analysis - Queue
Private Key Exposure in Cloud Foundry UAA via Token Keys Endpoint

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VMware

Description
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing. Affected versions: - uaa_release: v76.12.0 through v78.12.0 (inclusive); fixed in v78.13.0 or later - CF Deployment: v30.0.0 through v56.0.0 (inclusive); fixed in v56.1.0 or later (bundles uaa_release v78.13.0)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-40965
EUVD
EUVD-2026-33817
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vmware cloud_foundry_uaa From 76.12.0 (inc) to 78.12.0 (inc)
vmware cloud_foundry From 30.0.0 (inc) to 56.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Cloud Foundry UAA versions v76.12.0 through v78.12.0 have a vulnerability where Elliptic Curve (EC) private keys are accidentally exposed through the public /token_keys endpoint.

This endpoint is intended to provide only public key material for verifying JWT tokens, but due to the flaw, it exposes private key components for EC keys.

The issue affects deployments using EC keys for JWT token signing and does not affect RSA key configurations.

Mitigation Strategies

To mitigate this vulnerability, upgrade Cloud Foundry UAA to version v78.13.0 or later, or upgrade CF Deployment to version v56.1.0 or later, which includes the fixed UAA release.

Avoid using EC keys for JWT token signing until the upgrade is applied, as the vulnerability only affects deployments using EC keys.

Detection Guidance

This vulnerability can be detected by checking if the /token_keys endpoint of the Cloud Foundry UAA server exposes EC private key components instead of only public key material.

A practical way to detect this is to send an HTTP GET request to the /token_keys endpoint and inspect the returned keys for any private key data related to Elliptic Curve (EC) keys.

For example, you can use the following curl command to retrieve the keys:

  • curl -s https://<uaa-server-domain>/token_keys

Then, review the output for any private key material in the EC keys. The presence of private key components indicates the vulnerability.

Ensure that your UAA version is between v76.12.0 and v78.12.0 inclusive, as these versions are vulnerable.

Impact Analysis

Exposure of EC private keys can lead to severe security risks including unauthorized token signing, allowing attackers to impersonate users or services.

This can result in compromised authentication and authorization mechanisms, potentially leading to data breaches or unauthorized access.

Compliance Impact

The vulnerability involves the exposure of EC private keys through a public endpoint, which can lead to unauthorized access or compromise of JWT token signing. Such a security breach can undermine the confidentiality and integrity of authentication tokens, potentially leading to unauthorized data access.

Exposure of private keys and potential unauthorized access may result in non-compliance with data protection regulations and standards such as GDPR and HIPAA, which require strict controls over sensitive data and cryptographic keys to protect personal and health information.

Therefore, organizations using affected versions of Cloud Foundry UAA with EC keys for JWT signing may face compliance risks until the vulnerability is remediated by upgrading to fixed versions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40965. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart