{"id":"CVE-2026-22723","summary":"UAA User Token Revocation logic error","details":"Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.","aliases":["GHSA-6wcw-r64p-qrrw"],"modified":"2026-07-15T01:49:10.739870359Z","published":"2026-03-05T20:40:27.743Z","database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"77.30.0"},{"last_affected":"v78.7.0"}]}],"cna_assigner":"vmware","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22723.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22723.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22723"},{"type":"ARTICLE","url":"https://www.cloudfoundry.org/blog/cve-2026-22723-uaa-user-token-revocation/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-deployment","events":[{"introduced":"0"},{"last_affected":"d315177ed6d7294f0249bb6038cadf8b723189d1"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"54.11.0"}]}}],"versions":["v54.11.0","v54.10.0","v54.9.0","v54.8.0","v54.7.0","v54.6.0","v54.5.0","v54.4.0","v54.3.0","v54.2.0","v54.1.0","v54.0.0","v53.8.0","v53.7.0","v53.6.0","v53.5.0","v53.4.0","v53.3.0","v53.2.0","v53.1.0","v53.0.0","v52.0.0","v51.11.0","v51.10.0","v51.9.0","v51.8.0","v51.7.0","v51.6.0","v51.5.0","v51.4.0","v51.3.0","v51.2.0","v51.1.0","v51.0.0","v50.4.0","v50.3.0","v50.2.0","v50.1.0","v50.0.0","v49.6.0","v49.5.0","v49.4.0","v49.2.0","v49.1.0","v49.0.0","v48.11.0","v48.10.0","v48.9.0","v48.8.0","v48.7.0","v48.6.0","v48.5.0","v48.4.0","v48.3.0","v48.2.0","v48.1.0","v48.0.0","v47.1.0","v47.0.0","v46.7.0","v46.6.0","v46.5.0","v46.4.0","v46.3.0","v46.2.0","v46.1.0","v46.0.0","v45.1.0","v45.0.0","v44.11.0","v44.10.0","v44.9.0","v44.8.0","v44.7.0","v44.6.0","v44.5.0","v44.4.0","v44.3.0","v44.2.0","v44.1.0","v44.0.0","v43.6.0","v43.5.0","v43.4.0","v43.3.0","v43.2.0","v43.1.0","v43.0.0","v42.6.0","v42.5.0","v42.4.0","v42.3.0","v42.2.0","v42.1.0","v42.0.0","v41.3.0","v41.2.0","v41.1.0","v41.0.0","v40.19.0","v40.18.0","v40.16.0","v40.17.0","v40.15.0","v40.14.0","v40.13.0","v40.12.0","v40.11.0","v40.10.0","v40.9.0","v40.8.0","v40.7.0","v40.6.0","v40.5.0","v40.4.0","v40.3.0","v40.2.0","v40.1.0","v40.0.0","v39.8.0","v39.7.0","v39.6.0","v39.5.0","v39.4.0","v39.3.0","v39.2.0","v39.1.0","v39.0.0","v38.1.0","v38.0.0","v37.5.0","v37.4.0","v37.3.0","v37.2.0","v37.1.0","v35.5.0","v37.0.0","v36.0.0","v35.4.0","v35.3.0","v35.2.0","v35.1.0","v35.0.0","v34.2.0","v34.1.0","v34.0.0","v33.12.0","v33.11.0","v33.10.0","v33.9.0","v33.8.0","v33.7.0","v33.6.0","v33.5.0","v33.4.0","v33.3.0","v33.2.0","v33.1.0","v33.0.0","v32.17.0","v32.16.0","v32.15.0","v32.14.0","v32.13.0","v32.12.0","v32.11.0","v32.10.0","v32.9.0","v32.8.0","v32.7.0","v32.6.0","v32.5.0","v32.4.0","v32.3.0","v32.2.0","v32.1.0","v32.0.0","v31.6.0","v31.5.0","v31.4.0","v31.3.0","v31.2.0","v31.1.0","v31.0.0","v30.10.0","v30.9.0","v30.8.0","v30.7.0","v30.6.0","v30.5.0","v30.4.0","v30.3.0","v30.2.0","v30.1.0","v30.0.0","v29.1.0","v29.0.0","v28.2.0","v28.1.0","v28.0.0","v27.8.0","v27.7.0","v27.6.0","v27.5.0","v27.4.0","v27.2.0","v27.1.0","v27.0.0","v26.7.0","v26.6.0","v26.5.0","v26.4.0","v26.3.0","v26.2.0","v26.1.0","v26.0.0","v25.1.0","v25.0.0","v24.7.0","v24.4.0","v24.3.0","v24.2.0","v24.1.0","v24.0.0","v23.5.0","v23.4.0","v23.3.0","v23.2.0","v23.1.0","v22.1.0","v23.0.0","v22.2.0","v22.0.0","v21.11.0","v21.10.0","v21.9.0","v21.8.0","v21.7.0","v21.6.0","v21.5.0","v21.4.0","v21.3.0","v21.2.0","v21.1.0","v21.0.0","v20.4.0","v20.3.0","v20.2.0","v20.1.0","v20.0.0","v19.0.0","v18.0.0","v17.1.0","v17.0.0","v16.25.0","v16.24.0","v16.23.0","v16.21.0","v16.22.0","v16.20.0","v16.19.0","v16.18.0","v16.17.0","v16.16.0","v16.15.0","v16.14.0","v16.13.0","v16.12.0","v16.11.0","v16.10.0","v16.9.0","v16.8.0","v16.7.0","v16.6.0","v16.5.0","v16.4.0","v16.3.0","v16.2.0","v16.1.0","v16.0.0","v15.7.0","v15.6.0","v15.5.0","v15.4.0","v15.3.0","v15.2.0","v15.1.0","v15.0.0","v14.0.0","v13.23.0","v13.22.0","v13.21.0","v13.20.0","v13.19.0","v13.18.0","v13.17.0","v13.16.0","v13.15.0","v13.14.0","v13.13.0","v13.12.0","v13.11.0","v13.10.0","v13.9.0","v13.8.0","v13.7.0","v13.6.0","v13.5.0","v13.4.0","v13.3.0","v13.2.0","v13.1.0","v13.0.0","v12.45.0","v12.44.0","v12.43.0","v12.42.0","v12.41.0","v12.40.0","v12.39.0","v12.38.0","v12.37.0","v12.36.0","v12.35.0","v12.34.0","v12.33.0","v12.32.0","v12.31.0","v12.30.0","v12.29.0","v12.28.0","v12.27.0","v12.26.0","v12.25.0","v12.24.0","v12.23.0","v12.22.0","v12.21.0","v12.20.0","v12.19.0","v12.18.0","v12.17.0","v12.16.0","v12.15.0","v12.14.0","v12.13.0","v12.12.0","v12.11.0","v12.10.0","v12.9.0","v12.8.0","v12.7.0","v12.6.0","v12.5.0","v12.4.0","v12.3.0","v12.2.0","v12.1.0","v12.0.0","v11.2.0","v11.1.0","v11.0.0","v10.1.0","v10.0.0","v7.9.0","v7.8.0","v7.6.0","v7.5.0","v7.4.0","v7.3.0","v7.2.0","v7.1.0","v7.0.0","v6.10.0","v6.9.0","v6.8.0","v6.7.0","v6.6.0","v6.5.0","v6.4.0","v6.3.0","v6.2.0","v6.1.0","v6.0.0","v5.5.0","v5.4.0","v5.3.0","v5.1.0","v5.0.0","v4.5.0","v4.4.0","v4.3.0","v4.2.0","v4.1.0","v4.0.0","v3.6.0","v3.5.0","v3.4.0","v3.3.0","v3.2.0","v3.1.0","v3.0.0","v2.5.0","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.0","v1.38.0","v1.37.0","v1.36.0","v1.35.0","v1.34.0","v1.33.0","v1.32.0","v1.31.0","v1.30.0","v1.29.0","v1.28.0","v1.27.0","v1.26.0","v1.25.0","v1.24.0","v1.23.0","v1.22.0","v1.21.0","v1.20.0","v1.19.0","v1.18.0","v1.16.0","v1.17.0","v1.15.0","v1.14.0","v1.13.0","v1.12.0","v1.11.0","v1.10.0","v1.9.0","v1.8.0","v1.7.0","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.2.0","v1.1.0","v0.37.0","v1.0.0","v0.36.0","v0.35.0","v0.34.0","v0.33.0","v0.32.0","v0.31.0","v0.30.0","v0.28.0","v0.29.0","v0.15.0","v0.13.0","v0.14.0","v0.12.0","v0.11.0","v0.10.0","v0.9.1","v0.9.0","v0.8.0","v0.3.0","v0.7.0","v0.5.0","v0.2.1","v0.2.2","v0.2.0","v0.1.0","v0.0.2","v0.0.1","v0.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22723.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"8f629f43ba8f10b5a423c4dd1841e9e90481fe1d"},{"fixed":"18c17a624517aa3eb3c5d8735e2400843b48c861"}],"database_specific":{"cpe":"cpe:2.3:a:cloudfoundry:uaa-release:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"77.30.0"},{"fixed":"78.8.0"}],"source":"CPE_RANGE"}}],"versions":["v78.7.0","v78.6.0","v78.5.0","v78.4.0","v78.3.0","v78.2.0","v78.1.0","v78.0.0","v77.35.0","v77.34.0","v77.33.0","v77.32.0","v77.31.0","v77.30.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22723.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}