Description
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below, on all platforms allow any user who has bypassed the firewall to potentially replace droplets, and therefore applications, allowing them to access secure application information.
Published: 2026-03-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and earlier, and CF Deployment v54.9.0 and earlier, expose a missing authentication weakness (CWE-306). An attacker who has bypassed the firewall could replace droplets, effectively changing application code and gaining unauthorized access to secure application data. This permits data exfiltration and could be used to execute arbitrary code within the affected environment.

Affected Systems

The vulnerability affects Cloud Foundry products (vendor: Cloudfoundry), specifically Capi Release versions up to and including 1.226.0 and CF Deployment versions up to and including v54.9.0 on all platforms. Users of these releases should verify whether their deployment matches or precedes these versions.

Risk and Exploitability

The CVSS v3 score is 7.5, indicating high severity. Exploit probability (EPSS) is not available, and the flaw is not listed in CISA’s KEV catalog, suggesting it may not yet be widely exploited. The likely attack vector requires an attacker to have already bypassed the external firewall to reach the internal network, after which the unprotected endpoints allow direct droplet replacement. Given the potential for remote code execution and data exposure, the risk is considered significant if the firewall is compromised.

Generated by OpenCVE AI on March 18, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cloud Foundry patch or upgrade to Capi Release >1.226.0 and CF Deployment >v54.9.0
  • Reconfigure firewall rules to ensure internal endpoints are not accessible from untrusted sources
  • Verify that authentication mechanisms are enforced on all internal API endpoints
  • Consult the Cloud Foundry vendor for any additional security hardening recommendations


Tracking


Advisories

No advisories yet.

History

Wed, 18 Mar 2026 21:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Mar 2026 12:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Cloudfoundry; Cloudfoundry cloud Foundry

Type: Vendors & Products
Values Removed: (none)
Values Added: Cloudfoundry; Cloudfoundry cloud Foundry

Tue, 17 Mar 2026 23:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information.

Type: Title
Values Removed: (none)
Values Added: Cloud Foundry unprotected internal endpoints

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-306

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1
{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Cloudfoundry Cloud Foundry
MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-03-19T03:55:20.318Z

Reserved: 2026-01-09T06:54:41.497Z

Link: CVE-2026-22727

Vulnrichment

Updated: 2026-03-18T20:16:19.497Z

NVD

Status : Awaiting Analysis

Published: 2026-03-17T23:16:17.470

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-22727

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:25Z

Weaknesses