CVE-2026-22734 is an authentication bypass vulnerability in Cloud Foundry UUA affecting versions 77.30.0 through 78.7.0 and CF Deployment versions 48.7.0 through 54.14.0. The issue occurs when SAML 2.0 bearer assertions are enabled for a client, and the UAA accepts these assertions even if they are neither signed nor encrypted. This flaw allows an attacker to spoof authentication and obtain tokens for arbitrary users, granting unauthorized access to systems protected by UAA. The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing). The CVSS v3.1 base score is 8.6, indicating high severity, with network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact but no integrity or availability impact. No official remediation or patch is currently documented, and no known exploits have been observed.

An attacker can bypass authentication controls by exploiting acceptance of unsigned and unencrypted SAML 2.0 bearer assertions, allowing them to obtain tokens for any user. This leads to unauthorized access to systems protected by UAA, potentially exposing sensitive information. The confidentiality impact is high, but integrity and availability are not affected. No known exploitation in the wild has been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider disabling SAML 2.0 bearer assertions for clients or implementing additional validation controls to ensure assertions are signed and encrypted. Monitor vendor communications for updates on patches or official mitigations.