Description
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token.

Affected versions:
- log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later
- CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)
Published: 2026-06-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Authentication bypass in the cf-auth-proxy component allows an unauthenticated remote attacker to forge a JSON Web Token recognized as a valid logs.admin token; the attacker can then read every log and metric for all applications and platform components. The weakness is a classic authentication bypass (CWE‑287). The impact is a loss of confidentiality for all log data, potentially revealing sensitive information and allowing attackers to understand system internals and troubleshooting data.

Affected Systems

The vulnerability affects installations of Cloud Foundry Foundation:CF Deployment and Cloud Foundry Foundation:log-cache_release. All log-cache_release versions up to and including v3.2.6 are impacted, and all CF Deployment releases up to and including v55.x.0 are affected. Versions v3.2.7 or later for log-cache_release, and a CF Deployment release that bundles log-cache_release v3.2.7 or newer, contain the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, and the lack of an EPSS score suggests no current metric but the threat remains significant. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this flaw remotely by creating a forged JWT, which the cf-auth-proxy accepts as authentic, and then using it to retrieve any log or metric data without authentication.

Generated by OpenCVE AI on June 1, 2026 at 22:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Cloud Foundry deployment to a version that includes log-cache_release v3.2.7 or later.
  • If the CF deployment cannot be updated immediately, upgrade the log-cache_release component to v3.2.7 or newer.
  • Restrict external network access to the cf-auth-proxy service and ensure it is only exposed to trusted networks.

Generated by OpenCVE AI on June 1, 2026 at 22:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Cloudfoundry
Cloudfoundry cf-deployment
Cloudfoundry log-cache Release
Vendors & Products Cloudfoundry
Cloudfoundry cf-deployment
Cloudfoundry log-cache Release

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Access to Cloud Foundry Logs via cf-auth-proxy JWT Bypass

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affected versions: - log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later - CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:X/CR:M/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:N/MA:N'}

Subscriptions

Cloudfoundry Cf-deployment Log-cache Release
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-06-02T13:11:52.780Z

Reserved: 2026-04-16T02:18:56.132Z

Link: CVE-2026-40964

cve-icon Vulnrichment

Updated: 2026-06-02T13:11:44.735Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-01T22:16:25.463

Modified: 2026-06-02T14:01:54.893

Link: CVE-2026-40964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:52:25Z

Weaknesses