SecuriTricks - CVE-2026-40964

Description

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affected versions: - log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later - CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)

Product(s) Impacted

Vendor	Product	Versions
Cloud Foundry	Log-cache Release Cf-auth-proxy Cf Deployment	<3.2.6, 3.2.7 * <55.?.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	cloud_foundry	log-cache_release	<3.2.6	/	/	/	/	/	/
a	cloud_foundry	log-cache_release	3.2.7	/	/	/	/	/	/
a	cloud_foundry	cf-auth-proxy	/	/	/	/	/	/	/	/
a	cloud_foundry	cf_deployment	<55.?.0	/	/	/	/	/	/

References

https://www.cloudfoundry.org/blog/cve-2026-40964-read-access-to-cf-logs/

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

View Vector String

Timeline

Published: June 1, 2026, 10:16 p.m.
Last Modified: June 2, 2026, 2:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-40964