CVE-2026-40965 Overview
CVE-2026-40965 is an information disclosure vulnerability in the Cloud Foundry User Account and Authentication (UAA) server. The /token_keys endpoint inadvertently exposes Elliptic Curve (EC) private key material that should remain confidential. This endpoint is designed to publish only public key data for JSON Web Token (JWT) verification. Deployments that sign JWTs with EC keys leak the corresponding private components to any unauthenticated network caller. RSA-signed deployments are not affected. Attackers obtaining the private key can forge arbitrary JWTs, impersonate any user, and pivot across services that trust UAA-issued tokens [CWE-200].
Critical Impact
Unauthenticated attackers can retrieve EC private keys from the public /token_keys endpoint and forge valid JWTs to impersonate any UAA-authenticated principal.
Affected Products
- Cloud Foundry uaa_release versions v76.12.0 through v78.12.0 (inclusive)
- Cloud Foundry cf-deployment versions v30.0.0 through v56.0.0 (inclusive)
- Deployments configured to sign JWTs with EC keys
Discovery Timeline
- 2026-06-01 - CVE-2026-40965 published to NVD
- 2026-06-02 - Last updated in NVD database
Technical Details for CVE-2026-40965
Vulnerability Analysis
UAA exposes a JSON Web Key Set (JWKS) document at /token_keys so that relying parties can validate JWT signatures. For RSA keys, UAA correctly returns only the modulus and public exponent. For EC keys, the serialization routine includes the private scalar d alongside the public x and y coordinates. Any unauthenticated client reaching the endpoint receives complete EC key pairs. With the private key, an attacker constructs JWTs containing arbitrary claims, signs them with the leaked key, and presents them to any service that trusts UAA tokens. This breaks authentication integrity across the entire Cloud Foundry foundation and any downstream system federating identity through UAA.
Root Cause
The JWKS serialization logic for EC keys does not strip private parameters before returning the key set. The code path treats EC keys symmetrically to public material, omitting the private-component filter applied to RSA keys. The bug is scoped to EC key handling and does not impact RSA deployments.
Attack Vector
The attack vector is network-based, requires no authentication or user interaction, and has low attack complexity. An attacker issues an unauthenticated HTTP GET request to https://<uaa-host>/token_keys, parses the returned JWKS, extracts the d parameter from each EC entry, and reconstructs the private key. The attacker then mints JWTs with elevated scopes such as uaa.admin or cloud_controller.admin and presents them to UAA-protected APIs. Refer to the Cloud Foundry Blog Post for vendor technical details.
Detection Methods for CVE-2026-40965
Indicators of Compromise
- Unexpected GET requests to /token_keys from external or non-relying-party source IPs.
- JWKS responses containing a d field within EC key entries returned by UAA.
- JWT authentication events presenting tokens signed by UAA but issued with claims that do not match any legitimate login flow.
- Privileged API calls authenticated by tokens whose jti is absent from UAA's issued-token records.
Detection Strategies
- Inspect HTTP access logs on UAA for anonymous requests to /token_keys and baseline expected callers.
- Parse the JWKS response in monitoring to alert when EC entries contain the private d component.
- Correlate UAA-issued JWTs against UAA's authoritative token issuance log to identify forged tokens.
Monitoring Recommendations
- Forward UAA audit logs and Gorouter access logs to a centralized SIEM and alert on /token_keys access spikes.
- Monitor Cloud Controller and other UAA-trusting components for tokens with unusual client_id and scope combinations.
- Track key identifier (kid) usage and rotate immediately if any EC key was ever served by an affected version.
How to Mitigate CVE-2026-40965
Immediate Actions Required
- Upgrade uaa_release to v78.13.0 or later, or cf-deployment to v56.1.0 or later.
- Rotate all EC signing keys after upgrading and revoke tokens signed by the exposed keys.
- Audit token issuance and API logs for activity that may have used forged JWTs.
- Restrict network exposure of UAA where business requirements permit.
Patch Information
The issue is fixed in uaa_release v78.13.0 and bundled in cf-deployment v56.1.0. The fix removes private EC parameters from the JWKS response so that /token_keys returns only x, y, crv, and kid for EC entries. See the Cloud Foundry Blog Post for full release details.
Workarounds
- Reconfigure UAA to use RSA keys for JWT signing until the patched release can be deployed.
- Place UAA behind a reverse proxy rule that blocks responses containing the d field from /token_keys.
- Restrict /token_keys to known relying-party networks where architecturally feasible.
# Verify the JWKS response no longer contains private EC parameters
curl -s https://uaa.example.com/token_keys | jq '.keys[] | select(.kty=="EC") | keys'
# Expected output should not include "d"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

