Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) pri…

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 23:04:16

Source:

nvd.nist.gov

Cloud & Virtualization, Identity & Access

Cloud Foundry UAA versions v76.12.0 through v78.12.0 contain a critical vulnerability where Elliptic Curve (EC) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability only affects deployments using EC keys for JWT token signing, not RSA configurations. Fixed versions are uaa_release v78.13.0+ and CF Deployment v56.1.0+.
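A check an operator can run against a saved copy of their own /token_keys response to see whether any key carries private members. This is an added example, not code from the advisory or from Cloud Foundry; it assumes the response is a JWK Set with a `keys` array, and the function name and sample document are constructed for illustration.

```python
import json

# Private-key members defined for each JWK key type (RFC 7518 / RFC 8037).
# An EC key published for verification should carry only crv, x and y.
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "OKP": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}


def find_private_members(jwks_text):
    """Return {kid: [leaked member names]} for keys exposing private material."""
    doc = json.loads(jwks_text)
    findings = {}
    for index, key in enumerate(doc.get("keys", [])):
        private = PRIVATE_MEMBERS.get(key.get("kty"), set())
        leaked = sorted(private.intersection(key))
        if leaked:
            kid = key.get("kid", f"<no kid, index {index}>")
            findings[kid] = leaked
    return findings


# Constructed sample: member values are placeholders, not real key material.
SAMPLE_JWKS = json.dumps({
    "keys": [
        {"kty": "RSA", "kid": "rsa-key-1", "use": "sig", "alg": "RS256",
         "n": "CONSTRUCTED_N", "e": "AQAB"},
        {"kty": "EC", "kid": "ec-key-1", "use": "sig", "alg": "ES256",
         "crv": "P-256", "x": "CONSTRUCTED_X", "y": "CONSTRUCTED_Y",
         "d": "CONSTRUCTED_PRIVATE_SCALAR"},
    ]
})

if __name__ == "__main__":
    for kid, members in find_private_members(SAMPLE_JWKS).items():
        print(f"key {kid}: private members present: {', '.join(members)}")
```

Any key this reports has had its private half served on a public endpoint, so upgrading to a fixed version is not enough on its own: the key needs to be rotated as well.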

Affected products:

Cloud Foundry UAA

This article was created with the assistance of AI technology by Perceptive.
