
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) pri…

Published: 31 May 2026 at 22:00:00

Alert date: 1 June 2026 at 23:04:16

Source: nvd.nist.gov


Cloud & Virtualization, Identity & Access

Cloud Foundry UAA versions v76.12.0 through v78.12.0 contain a critical vulnerability where Elliptic Curve (EC) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability only affects deployments using EC keys for JWT token signing, not RSA configurations. Fixed versions are uaa_release v78.13.0+ and CF Deployment v56.1.0+.
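A check for the condition described above, as an added example that is not from the original advisory or the UAA project: it scans a saved /token_keys response for JWK members that carry private key material. The member names follow RFC 7518 and RFC 8037; the JWK Set response shape, the function name and the sample document are assumptions constructed for illustration.

```python
import json

# Private-key members per JWK key type (RFC 7518 section 6, RFC 8037 for OKP).
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "OKP": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}


def find_private_members(jwks_text):
    """Return [(kid, kty, [leaked member names])] for keys exposing private material."""
    doc = json.loads(jwks_text)
    # Accept a JWK Set ({"keys": [...]}) or a single bare JWK object.
    keys = doc["keys"] if isinstance(doc, dict) and "keys" in doc else [doc]
    if not isinstance(keys, list):
        keys = []
    findings = []
    for key in keys:
        if not isinstance(key, dict):
            continue
        kty = key.get("kty")
        private = PRIVATE_MEMBERS.get(kty, set()) if isinstance(kty, str) else set()
        leaked = sorted(key.keys() & private)
        if leaked:
            findings.append((key.get("kid", "<no kid>"), kty, leaked))
    return findings


# Constructed sample: placeholder strings, not real key material.
SAMPLE = json.dumps({"keys": [
    {"kty": "EC", "kid": "ec-key-1", "crv": "P-256",
     "x": "x-placeholder", "y": "y-placeholder", "d": "d-placeholder"},
    {"kty": "RSA", "kid": "rsa-key-1", "n": "n-placeholder", "e": "AQAB"},
]})

if __name__ == "__main__":
    for kid, kty, leaked in find_private_members(SAMPLE):
        print(f"PRIVATE MATERIAL EXPOSED kid={kid} kty={kty} members={leaked}")
```

Any finding on a deployment's own endpoint means the signing key should be treated as compromised and rotated after upgrading to a fixed version.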

Affected products: Cloud Foundry UAA


This article was created with the assistance of AI technology by Perceptive.
