CVE-2026-40964: CWE-287: Improper Authentication in Cloud Foundry Foundation log-cache_release
CVE-2026-40964 is an authentication bypass vulnerability in the cf-auth-proxy component of Cloud Foundry Foundation's log-cache_release. This flaw allows an unauthenticated remote attacker to mint a JWT that is accepted as a valid logs.admin token, granting read access to all logs and metrics for every application and platform component. The vulnerability affects all versions of log-cache_release through v3.2.6 inclusive and all CF Deployment versions through v55.?.0 inclusive. It was fixed in log-cache_release v3.2.7 and CF Deployment v55.?.0.
AI Analysis
Technical Summary
CVE-2026-40964 is an improper authentication vulnerability (CWE-287) in the cf-auth-proxy component of Cloud Foundry Foundation's log-cache_release. The issue allows an unauthenticated remote attacker to bypass authentication by minting a JSON Web Token (JWT) that the cf-auth-proxy accepts as a valid logs.admin token. This grants unauthorized read access to all logs and metrics across applications and platform components. The vulnerability affects all versions of log-cache_release up to and including v3.2.6 and CF Deployment versions up to v55.?.0. The fix was introduced in log-cache_release v3.2.7 and CF Deployment v55.?.0 or later, which bundles the patched log-cache_release. The CVSS 3.1 base score is 7.5, reflecting a high-severity remote network vulnerability with no required privileges or user interaction and high confidentiality impact.
Potential Impact
An unauthenticated attacker can gain read access to all logs and metrics for every application and platform component in affected Cloud Foundry deployments. This exposure of sensitive operational data could lead to information disclosure, potentially aiding further attacks or reconnaissance. There is no indication of integrity or availability impact. No known exploits in the wild have been reported as of the published date.
Mitigation Recommendations
A fix is available in log-cache_release version 3.2.7 and CF Deployment version 55.?.0 or later, which includes the patched log-cache_release. Users should upgrade to these versions or later to remediate the vulnerability. Patch status is not explicitly confirmed in the provided data; therefore, users should verify the current remediation guidance from the Cloud Foundry Foundation vendor advisory before proceeding.
CVSS v3.1 base score: 7.5 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: vmware
- Date Reserved: 2026-04-16T02:18:56.132Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a1ee657e29bf47b50d3aa59
Added to database: 6/2/2026, 2:19:03 PM
Last enriched: 6/2/2026, 2:33:45 PM
Last updated: 6/2/2026, 3:43:24 PM