51 matches found
CVE-2026-22727 Cloud Foundry unprotected internal endpoints
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...
CVE-2026-22727
CVE-2026-22727 affects Cloud Foundry components where unprotected internal endpoints in Capi Release 1.226.0 and below and CF Deployment v54.9.0 and below allow bypassed-internal-network users to potentially replace droplets and access secure app information. The issue centers on exposed internal...
CVE-2026-22727
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...
PT-2026-25958
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...
CVE-2026-22727 - Unprotected internal endpoints | Cloud Foundry
Severity: HIGH (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, 7.5). Vendor: CloudFoundry Foundation. Versions Affected: Capi Release: 1.226.0 and below; CF Deployment: v54.9.0 and below. Description: An attacker with access to the Cloud Foundry internal network could potentially inject malicious code into ...
EUVD-2017-17003
Malware in sbrugna...
EUVD-2017-17004
Malware in sbrugna...
EUVD-2024-37642
Malicious code in bioql PyPI...
CVE-2024-38826
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...
CVE-2024-38826 Cloud Controller Denial of Service Attack
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...
CVE-2024-38826
CVE-2024-38826 concerns Cloud Foundry Cloud Controller. Authenticated users can upload specially crafted files to leak server resources, enabling a potential denial-of-service against the Cloud Controller. Affected components include Cloud Foundry Capi Release versions before 1.194.0 and cf-deplo...
PT-2024-28234 · Cloud Foundry · Cf-Deployment +1
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Capi Release versions prior to 1.194.0; Cloud Foundry cf-deployment versions prior to v44.1.0. Description: The issue allows authenticated users to upload specifically crafted files, potentially leading to a denial of service atta...
CVE-2024-38826 Cloud Controller Denial of Service Attack | Cloud Foundry
Severity: MEDIUM. Vendor: CloudFoundry Foundation. Versions Affected: Capi Release version 1.194. Description: Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. Mitigation...
CVE-2019-3798: Escalation of Privileges in Cloud Controller | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: CAPI-Release: All versions prior to 1.79.0. Description: Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote...
Cloud Foundry Arbitrary Code Execution Vulnerability
Pivotal Software Cloud Foundry is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. capi-release and cf-release are both Cloud Foundry releases. A security vulnerabili...
CVE-2016-2169
Cloud Foundry CVE-2016-2169 affects Cloud Foundry Cloud Controller: capi-release versions before 1.0.0 and cf-release versions before v237. The issue is a business-logic flaw where an application could create a route that conflicts with a platform service route, causing traffic intended for the s...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
Code injection
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
CVE-2017-14389
CVE-2017-14389 affects Cloud Foundry Foundation components capi-release (all versions < 1.45.0), cf-release (all versions < v280), and cf-deployment (all versions