EXECUTIVE SUMMARY:
CVE-2026-41005, with a CVSS score of 9.0, is a critical vulnerability in the Cloud Foundry User Account and Authentication (UAA) component that allows attackers to bypass SAML authentication. The root cause is a logic flaw that treats XML encryption as proof of authenticity. Encryption protects confidentiality, not origin: anyone holding the Service Provider's public key, which is published in its SAML metadata by design, can produce valid ciphertext, so an attacker can forge an encrypted SAML assertion that UAA decrypts and accepts without any signature check. Successful exploitation enables unauthorized access through the OAuth 2.0 SAML2 bearer grant or browser-based SSO when assertion signing is disabled. An attacker only needs the ability to submit a crafted SAML assertion to the vulnerable UAA component, potentially resulting in unauthorized access to sensitive resources, data exposure, and system compromise.
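The following Go program is an added illustration of the flaw described above; it is not code from the advisory or from UAA, and it makes no claim about UAA's internals. It models XML Encryption the way the standard composes it (a fresh AES key wrapped with the SP's RSA public key, the assertion body under AES-GCM), stands in for the IdP's XML Signature with a PKCS#1 v1.5 signature over the raw assertion text, and uses constructed assertions for "alice" and "admin". Canonicalization, XML parsing, conditions and audience checks are out of scope. The point it demonstrates is that a verifier which stops at "decryption succeeded" logs in whoever the attacker names, while one that also demands a signature under the trusted IdP key rejects the forgery and still accepts the genuine assertion.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type (
	// Assertion is the IdP-issued XML plus its signature (nil when signing is disabled).
	Assertion struct {
		XML       string
		Signature []byte
	}
	// EncryptedAssertion models SAML's <EncryptedAssertion>: a fresh AES key wrapped with
	// the SP's RSA public key (<EncryptedKey>) plus the assertion under AES-GCM
	// (<EncryptedData>). No IdP key is involved anywhere in this structure.
	EncryptedAssertion struct{ EncryptedKey, Nonce, EncryptedData []byte }
)

// encryptForSP needs only the SP public key, which the SP publishes in its
// metadata, so an attacker produces valid ciphertext exactly as the IdP would.
func encryptForSP(spPub *rsa.PublicKey, a Assertion) EncryptedAssertion {
	plaintext, _ := json.Marshal(a)
	keyNonce := make([]byte, 32+12)
	rand.Read(keyNonce) // crypto/rand.Read is documented never to fail
	aesKey, nonce := keyNonce[:32], keyNonce[32:]
	// A 32-byte key always fits an RSA-2048 OAEP block, so none of these can fail.
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, aesKey, nil)
	block, _ := aes.NewCipher(aesKey)
	gcm, _ := cipher.NewGCM(block)
	return EncryptedAssertion{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}
}

// decrypt is the SP side. Success proves only that the sender held the SP's
// public key; it says nothing about who authored the assertion.
func decrypt(spPriv *rsa.PrivateKey, ea EncryptedAssertion) (a Assertion, err error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, spPriv, ea.EncryptedKey, nil)
	if err != nil || len(aesKey) != 32 { // reject a bad unwrap before touching AES
		return a, fmt.Errorf("key unwrap failed: %v", err)
	}
	block, _ := aes.NewCipher(aesKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	plaintext, err := gcm.Open(nil, ea.Nonce, ea.EncryptedData, nil)
	if err != nil {
		return a, err
	}
	err = json.Unmarshal(plaintext, &a)
	return a, err
}

// vulnerableVerify reproduces the logic flaw: "it decrypted, so the IdP sent it".
// The returned XML is what the SP would act on; no authenticity check is made.
func vulnerableVerify(spPriv *rsa.PrivateKey, ea EncryptedAssertion) (string, error) {
	a, err := decrypt(spPriv, ea) // the only check: did it decrypt?
	return a.XML, err
}

// hardenedVerify keeps the two properties apart: decrypt for confidentiality,
// then demand a signature under the trusted IdP key for authenticity.
func hardenedVerify(spPriv *rsa.PrivateKey, idpPub *rsa.PublicKey, ea EncryptedAssertion) (string, error) {
	a, err := decrypt(spPriv, ea)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(a.XML))
	if rsa.VerifyPKCS1v15(idpPub, crypto.SHA256, digest[:], a.Signature) != nil {
		return "", fmt.Errorf("assertion not signed by the trusted IdP") // nil Signature lands here too
	}
	return a.XML, nil
}

// Scenario runs the attack against both verifiers: the IdP issues a signed assertion
// for "alice"; an attacker holding only the SP's published public key forges an
// unsigned one for "admin". Result keys are "verifier/assertion".
func Scenario() map[string]string {
	// Setup errors are ignored: these calls only fail on a broken RNG.
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	const genuineXML = "<Assertion><Subject><NameID>alice</NameID></Subject></Assertion>"
	digest := sha256.Sum256([]byte(genuineXML))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, idpKey, crypto.SHA256, digest[:])
	genuine := encryptForSP(&spKey.PublicKey, Assertion{XML: genuineXML, Signature: sig})
	forged := encryptForSP(&spKey.PublicKey, // idpKey is never touched here
		Assertion{XML: "<Assertion><Subject><NameID>admin</NameID></Subject></Assertion>"})
	out := map[string]string{}
	out["vulnerable/forged"], _ = vulnerableVerify(spKey, forged) // forgery accepted
	out["hardened/genuine"], _ = hardenedVerify(spKey, &idpKey.PublicKey, genuine)
	out["hardened/forged"], _ = hardenedVerify(spKey, &idpKey.PublicKey, forged) // "": rejected
	return out
}

func main() { fmt.Println(Scenario()) }
```

Running it prints a map in which the vulnerable verifier returns the attacker's "admin" assertion while the hardened verifier returns the genuine "alice" assertion and an empty string for the forgery. The design choice worth noting is that the hardened path never lets the encryption layer stand in for the signature layer: the IdP's key is the only input that can establish origin, and it is checked on every assertion regardless of how the assertion arrived.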
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/cloud-foundry-uaa-vulnerability/