CVE-2026-41005— UAA accepts SAML Encrypted Assertions authentication bypass
Affected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | CF Deployment | 0.0.0< 57.0.0 | affected |
| Cloud Foundry | UAA | 2.0.0< 78.14.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41005
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UAA accepts SAML Encrypted Assertions authentication bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP's public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message. Affected versions: Cloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0. Cloud Foundry CF Deployment all versions through 56.1.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cloud Foundry UAA是美国Cloud Foundry基金会的一款应用于CloudFoundry云平台的身份验证和管理服务终端。CloudFoundry CF Deployment 是CloudFoundry基金会的一个代码部署组件。 Cloud Foundry UAA 2.0.0至78.13.0版本和CloudFoundry CF Deployment 56.1.0及之前版本存在数据伪造问题漏洞,该漏洞源于错误将XML加密视为签名替代,可能导致接受未签名但加密的断言。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cloud Foundry | UAA | 2.0.0 ~ 78.14.0 | - | |
| Cloud Foundry | CF Deployment | 0.0.0 ~ 57.0.0 | - |
II. Public POCs for CVE-2026-41005
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41005
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-41005 (1)
IV. Related Vulnerabilities
Same weakness: CWE-347
- CVE-2026-42743
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentic - CVE-2026-48558
SimpleHelp Authentication Bypass via Missing OIDC JWT Signat - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50634
Apache CXF: WS JSON request filter trusts metadata from an u - CVE-2026-10795
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauth
V. Comments for CVE-2026-41005
No comments yet