CVE-2026-40965
Received Received - Intake
Private Key Exposure in Cloud Foundry UAA via Token Keys Endpoint

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VMware

Description
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing. Affected versions: - uaa_release: v76.12.0 through v78.12.0 (inclusive); fixed in v78.13.0 or later - CF Deployment: v30.0.0 through v56.0.0 (inclusive); fixed in v56.1.0 or later (bundles uaa_release v78.13.0)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-02
AI Q&A
2026-06-02
EPSS Evaluated
N/A
NVD
CVE-2026-40965
EUVD
EUVD-2026-33817
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vmware cloud_foundry_uaa From 76.12.0 (inc) to 78.12.0 (inc)
vmware cloud_foundry From 30.0.0 (inc) to 56.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Cloud Foundry UAA to version v78.13.0 or later, or upgrade CF Deployment to version v56.1.0 or later, which includes the fixed UAA release.

Avoid using EC keys for JWT token signing until the upgrade is applied, as the vulnerability only affects deployments using EC keys.


Can you explain this vulnerability to me?

Cloud Foundry UAA versions v76.12.0 through v78.12.0 have a vulnerability where Elliptic Curve (EC) private keys are accidentally exposed through the public /token_keys endpoint.

This endpoint is intended to provide only public key material for verifying JWT tokens, but due to the flaw, it exposes private key components for EC keys.

The issue affects deployments using EC keys for JWT token signing and does not affect RSA key configurations.


How can this vulnerability impact me? :

Exposure of EC private keys can lead to severe security risks including unauthorized token signing, allowing attackers to impersonate users or services.

This can result in compromised authentication and authorization mechanisms, potentially leading to data breaches or unauthorized access.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the /token_keys endpoint of the Cloud Foundry UAA server exposes EC private key components instead of only public key material.

A practical way to detect this is to send an HTTP GET request to the /token_keys endpoint and inspect the returned keys for any private key data related to Elliptic Curve (EC) keys.

For example, you can use the following curl command to retrieve the keys:

  • curl -s https://<uaa-server-domain>/token_keys

Then, review the output for any private key material in the EC keys. The presence of private key components indicates the vulnerability.

Ensure that your UAA version is between v76.12.0 and v78.12.0 inclusive, as these versions are vulnerable.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart