Description

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UUA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive).

INFO

Published Date :

2026-04-16T23:33:43.596Z

Last Modified :

2026-04-16T23:33:43.596Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22734 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22734.

URL Resource
https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact