CVE-2026-22734 is an authentication bypass vulnerability in Cloud Foundry UUA affecting versions v77.30.0 to v78.7.0 and CF Deployment versions v48.7.0 to v54.14.0. The issue occurs when SAML 2.0 bearer assertions are enabled for a client, and the UAA accepts these assertions without requiring them to be signed or encrypted. This flaw allows attackers to spoof authentication tokens for any user, thereby gaining unauthorized access to systems protected by UAA. The vulnerability is categorized under CWE-290 (Authentication Bypass by Spoofing). The CVSS v3.1 base score is 8.6, reflecting a high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change with high confidentiality impact but no integrity or availability impact. No official remediation or patch is currently documented.

An attacker can bypass authentication controls by exploiting the acceptance of unsigned and unencrypted SAML 2.0 bearer assertions, allowing them to obtain tokens for arbitrary users. This leads to unauthorized access to systems protected by UAA, potentially exposing sensitive data. The confidentiality of user accounts and protected resources is at high risk. There is no indication of impact on integrity or availability. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider disabling SAML 2.0 bearer assertions for clients or enforcing strict validation of SAML assertions, including requiring signatures and encryption, to mitigate the risk. Monitor vendor communications for updates on patches or official mitigations.