CVE-2026-22723

Source
https://cve.org/CVERecord?id=CVE-2026-22723
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22723.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22723
Aliases
Published
2026-03-05T20:40:27.743Z
Modified
2026-07-15T01:49:10.739870359Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
UAA User Token Revocation logic error
Details

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22723.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "77.30.0"
                },
                {
                    "last_affected": "v78.7.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "vmware"
}
References

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "54.11.0"
        }
    ]
}

Affected versions

v0.*
v0.0.0
v0.0.1
v0.0.2
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.2.0
v0.2.1
v0.2.2
v0.28.0
v0.29.0
v0.3.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.5.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v10.*
v10.0.0
v10.1.0
v11.*
v11.0.0
v11.1.0
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.12.0
v12.13.0
v12.14.0
v12.15.0
v12.16.0
v12.17.0
v12.18.0
v12.19.0
v12.2.0
v12.20.0
v12.21.0
v12.22.0
v12.23.0
v12.24.0
v12.25.0
v12.26.0
v12.27.0
v12.28.0
v12.29.0
v12.3.0
v12.30.0
v12.31.0
v12.32.0
v12.33.0
v12.34.0
v12.35.0
v12.36.0
v12.37.0
v12.38.0
v12.39.0
v12.4.0
v12.40.0
v12.41.0
v12.42.0
v12.43.0
v12.44.0
v12.45.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.9.0
v13.*
v13.0.0
v13.1.0
v13.10.0
v13.11.0
v13.12.0
v13.13.0
v13.14.0
v13.15.0
v13.16.0
v13.17.0
v13.18.0
v13.19.0
v13.2.0
v13.20.0
v13.21.0
v13.22.0
v13.23.0
v13.3.0
v13.4.0
v13.5.0
v13.6.0
v13.7.0
v13.8.0
v13.9.0
v14.*
v14.0.0
v15.*
v15.0.0
v15.1.0
v15.2.0
v15.3.0
v15.4.0
v15.5.0
v15.6.0
v15.7.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.12.0
v16.13.0
v16.14.0
v16.15.0
v16.16.0
v16.17.0
v16.18.0
v16.19.0
v16.2.0
v16.20.0
v16.21.0
v16.22.0
v16.23.0
v16.24.0
v16.25.0
v16.3.0
v16.4.0
v16.5.0
v16.6.0
v16.7.0
v16.8.0
v16.9.0
v17.*
v17.0.0
v17.1.0
v18.*
v18.0.0
v19.*
v19.0.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v20.*
v20.0.0
v20.1.0
v20.2.0
v20.3.0
v20.4.0
v21.*
v21.0.0
v21.1.0
v21.10.0
v21.11.0
v21.2.0
v21.3.0
v21.4.0
v21.5.0
v21.6.0
v21.7.0
v21.8.0
v21.9.0
v22.*
v22.0.0
v22.1.0
v22.2.0
v23.*
v23.0.0
v23.1.0
v23.2.0
v23.3.0
v23.4.0
v23.5.0
v24.*
v24.0.0
v24.1.0
v24.2.0
v24.3.0
v24.4.0
v24.7.0
v25.*
v25.0.0
v25.1.0
v26.*
v26.0.0
v26.1.0
v26.2.0
v26.3.0
v26.4.0
v26.5.0
v26.6.0
v26.7.0
v27.*
v27.0.0
v27.1.0
v27.2.0
v27.4.0
v27.5.0
v27.6.0
v27.7.0
v27.8.0
v28.*
v28.0.0
v28.1.0
v28.2.0
v29.*
v29.0.0
v29.1.0
v3.*
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v30.*
v30.0.0
v30.1.0
v30.10.0
v30.2.0
v30.3.0
v30.4.0
v30.5.0
v30.6.0
v30.7.0
v30.8.0
v30.9.0
v31.*
v31.0.0
v31.1.0
v31.2.0
v31.3.0
v31.4.0
v31.5.0
v31.6.0
v32.*
v32.0.0
v32.1.0
v32.10.0
v32.11.0
v32.12.0
v32.13.0
v32.14.0
v32.15.0
v32.16.0
v32.17.0
v32.2.0
v32.3.0
v32.4.0
v32.5.0
v32.6.0
v32.7.0
v32.8.0
v32.9.0
v33.*
v33.0.0
v33.1.0
v33.10.0
v33.11.0
v33.12.0
v33.2.0
v33.3.0
v33.4.0
v33.5.0
v33.6.0
v33.7.0
v33.8.0
v33.9.0
v34.*
v34.0.0
v34.1.0
v34.2.0
v35.*
v35.0.0
v35.1.0
v35.2.0
v35.3.0
v35.4.0
v35.5.0
v36.*
v36.0.0
v37.*
v37.0.0
v37.1.0
v37.2.0
v37.3.0
v37.4.0
v37.5.0
v38.*
v38.0.0
v38.1.0
v39.*
v39.0.0
v39.1.0
v39.2.0
v39.3.0
v39.4.0
v39.5.0
v39.6.0
v39.7.0
v39.8.0
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v40.*
v40.0.0
v40.1.0
v40.10.0
v40.11.0
v40.12.0
v40.13.0
v40.14.0
v40.15.0
v40.16.0
v40.17.0
v40.18.0
v40.19.0
v40.2.0
v40.3.0
v40.4.0
v40.5.0
v40.6.0
v40.7.0
v40.8.0
v40.9.0
v41.*
v41.0.0
v41.1.0
v41.2.0
v41.3.0
v42.*
v42.0.0
v42.1.0
v42.2.0
v42.3.0
v42.4.0
v42.5.0
v42.6.0
v43.*
v43.0.0
v43.1.0
v43.2.0
v43.3.0
v43.4.0
v43.5.0
v43.6.0
v44.*
v44.0.0
v44.1.0
v44.10.0
v44.11.0
v44.2.0
v44.3.0
v44.4.0
v44.5.0
v44.6.0
v44.7.0
v44.8.0
v44.9.0
v45.*
v45.0.0
v45.1.0
v46.*
v46.0.0
v46.1.0
v46.2.0
v46.3.0
v46.4.0
v46.5.0
v46.6.0
v46.7.0
v47.*
v47.0.0
v47.1.0
v48.*
v48.0.0
v48.1.0
v48.10.0
v48.11.0
v48.2.0
v48.3.0
v48.4.0
v48.5.0
v48.6.0
v48.7.0
v48.8.0
v48.9.0
v49.*
v49.0.0
v49.1.0
v49.2.0
v49.4.0
v49.5.0
v49.6.0
v5.*
v5.0.0
v5.1.0
v5.3.0
v5.4.0
v5.5.0
v50.*
v50.0.0
v50.1.0
v50.2.0
v50.3.0
v50.4.0
v51.*
v51.0.0
v51.1.0
v51.10.0
v51.11.0
v51.2.0
v51.3.0
v51.4.0
v51.5.0
v51.6.0
v51.7.0
v51.8.0
v51.9.0
v52.*
v52.0.0
v53.*
v53.0.0
v53.1.0
v53.2.0
v53.3.0
v53.4.0
v53.5.0
v53.6.0
v53.7.0
v53.8.0
v54.*
v54.0.0
v54.1.0
v54.10.0
v54.11.0
v54.2.0
v54.3.0
v54.4.0
v54.5.0
v54.6.0
v54.7.0
v54.8.0
v54.9.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.9.0
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.8.0
v7.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22723.json"

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Database specific
{
    "cpe": "cpe:2.3:a:cloudfoundry:uaa-release:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "77.30.0"
        },
        {
            "fixed": "78.8.0"
        }
    ]
}

Affected versions

v77.*
v77.30.0
v77.31.0
v77.32.0
v77.33.0
v77.34.0
v77.35.0
v78.*
v78.0.0
v78.1.0
v78.2.0
v78.3.0
v78.4.0
v78.5.0
v78.6.0
v78.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22723.json"