CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

Denial Of Service (DoS) Through Token Revocation

CloudFoundry User Account and Authentication UAA is vulnerable to denial of service DoS attacks. The checktoken endpoint does not validate the clientId when revoking opaque or JWT client tokens, allowing a malicious user to revoke another user's token...