CVE-2026-22723 | THREATINT

Description

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

PUBLISHED Reserved 2026-01-09 | Published 2026-03-05 | Updated 2026-03-06 | Assigner vmware

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Product status

Default status

unaffected

77.30.0 (custom)

affected

References

www.cloudfoundry.org/...026-22723-uaa-user-token-revocation/

cve.org (CVE-2026-22723)

nvd.nist.gov (CVE-2026-22723)

Download JSON