What is CVE-2026-22723?

CVE-2026-22723 is a medium-severity vulnerability in Cloudfoundry Cf-deployment, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 6.5/10. Published 2026-03-05.

How severe is CVE-2026-22723?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Cloudfoundry Cf-deployment

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

EPSS: 0.001 (23.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cloudfoundry Cf-deployment
Cloudfoundry Uaa-release
Cloudfoundry Foundation Uaa — versions 77.30.0

Weakness classification (CWE)

CWE-640 — Weak Password Recovery Mechanism for Forgotten Password
CWE-693 — Protection Mechanism Failure

References

security@vmware.com (Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-22723?: CVE-2026-22723 is a medium-severity vulnerability in Cloudfoundry Cf-deployment, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 6.5/10. Published 2026-03-05.
How severe is CVE-2026-22723?: Medium severity. CVSS v3 base score is 6.5 out of 10.