What is CVE-2026-22727?

CVE-2026-22727 is a high-severity vulnerability in Cloudfoundry Cloud Foundry, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2026-03-17.

How severe is CVE-2026-22727?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Cloudfoundry Cloud Foundry

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications a…

Vulnerability class: Broken Authentication

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cloudfoundry Cloud Foundry — versions 1.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

www.cloudfoundry.org/blog/cve-2026-22727-unprotected-internal-endpoints

Frequently asked questions

What is CVE-2026-22727?: CVE-2026-22727 is a high-severity vulnerability in Cloudfoundry Cloud Foundry, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2026-03-17.
How severe is CVE-2026-22727?: High severity. CVSS v3 base score is 7.5 out of 10.