A critical security vulnerability (CVE-2026-40965) has been discovered in the User Account and Authentication (UAA) system of the Cloud Foundry platform. An API error allows unauthorized access to sensitive elliptic curve private keys. The flaw has a CVSS score of 10.0, and enterprise administrators are urged to apply patches immediately. Affected UAA versions range from v76.12.0 to v78.12.0. Patches are available, and users are advised to upgrade to version v78.13.0 or later to protect against potential token forgery attacks.
Cloud Foundry UAA bug exposes private keys, CVE-2026-40965
Article by CyberSIXT