Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing. Affected versions: - uaa_release: v76.12.0 through v78.12.0 (inclusive); fixed in v78.13.0 or later - CF Deployment: v30.0.0 through v56.0.0 (inclusive); fixed in v56.1.0 or later (bundles uaa_release v78.13.0)

Ver en NVD

Análisis

Cloud Foundry UAA expone inadvertidamente claves privadas EC a través del endpoint público /token_keys, permitiendo que atacantes externos forjen tokens JWT y suplanten cualquier usuario. Esta vulnerabilidad crítica de nivel 10.0 compromete la integridad de todo el sistema de gestión de identidades en implementaciones que usan curvas elípticas.

Roles relevantes

CloudBackendCyberSecurityJava

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: LOW
Tipo de falla (CWE): CWE-200

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Descripción técnica

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing. Affected versions: - uaa_release: v76.12.0 through v78.12.0 (inclusive); fixed in v78.13.0 or later - CF Deployment: v30.0.0 through v56.0.0 (inclusive); fixed in v56.1.0 or later (bundles uaa_release v78.13.0)

Publicada: 1/6/2026, 22:16:25
Última modificación: 1/6/2026, 22:16:25

Referencias

InicioEventosBlogRecursosEquipo