eastbaycyber

CVE-2026-40965: EC Private Key Exposure in Cloud Foundry UAA

CVE explainers 10 min read
SR
Security Research Desk Expert reviewed
Threat intelligence · Human-verified · Updated 2026-06-01
▲ Escalation ViewOne CVE, briefed at three altitudes — skim the Brief, weigh the Impact, or work the Runbook. The way a SOC actually reads it.
CISOBrief · 30-second brief

TL;DR - Cloud Foundry UAA can expose EC JWT signing private key material via the public /token_keys endpoint. - Affects uaa_release v76.12.0 through v78.12.0 and CF Deployment v30.0.0 through v56.0.0 when EC signing is used. - Upgrade now, rotate exposed EC keys, and assume token forgery risk until proven otherwise.

Field Value
CVE ID CVE-2026-40965
CVSS score 10.0 Critical
Attack vector Network
Auth required None
Patch status Yes. Fixed in uaa_release v78.13.0+ and CF Deployment v56.1.0+

What This Vulnerability Means in Practice

CVE-2026-40965 is a private key disclosure issue in Cloud Foundry UAA. According to the NVD description and Cloud Foundry advisory, the public /token_keys endpoint, which is intended to expose public verification material for JWT validation, may incorrectly include private key components when the deployment uses Elliptic Curve keys for JWT signing. The vendor advisory cites the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L, which aligns with a remotely reachable, unauthenticated flaw with major confidentiality and integrity impact.

The practical consequence is more severe than a typical information leak. If an attacker can retrieve the exposed EC private key, they may be able to forge JWTs that appear to come from the trusted UAA instance. In environments where downstream applications, platform components, APIs, or identity-aware proxies trust UAA-signed tokens, a compromised signing key can undermine that trust boundary entirely. That can translate into impersonation, privilege abuse, or unauthorized API access, depending on how tokens are consumed in the environment.

This vulnerability is configuration-dependent. The issue affects deployments using EC keys for JWT signing. Deployments using RSA for JWT signing are explicitly described as not affected in the available source material. That distinction matters operationally because version exposure alone is not enough to confirm risk. Defenders need to confirm both version range and signing algorithm before scoping the incident.

At the time of writing, there is no source-backed evidence in the provided research that exploitation is confirmed in the wild. The CVE is not listed in CISA KEV based on the provided lookup. A public proof of concept was also not identified in the collected primary sources. In the absence of confirmed exploitation data, defenders should not downgrade urgency. This is a public endpoint returning sensitive cryptographic material under the wrong conditions, so exploitation may be straightforward even without a published PoC.

AnalystImpact · assess the risk

Affected Versions and Exposure Conditions

The affected version ranges are clearly stated in the NVD record and advisory. For Cloud Foundry UAA, the vulnerable range is v76.12.0 through v78.12.0 inclusive, and the fixed version is v78.13.0 or later. For Cloud Foundry CF Deployment, the vulnerable range is v30.0.0 through v56.0.0 inclusive, and the fixed version is v56.1.0 or later, which bundles uaa_release v78.13.0.

That version information should be treated as authoritative for patch planning, but version numbers alone do not tell the full story. The vulnerability affects only deployments using EC keys for JWT signing. If your UAA instance signs tokens with RSA keys, the research note indicates you are not affected by this specific flaw. If you do not know which signing mode is configured, you should assume possible exposure until configuration is verified, because the impact of a missed EC deployment is high.

Product Affected Versions Fixed Version
Cloud Foundry UAA (uaa_release) v76.12.0 through v78.12.0 inclusive v78.13.0 or later
Cloud Foundry CF Deployment v30.0.0 through v56.0.0 inclusive v56.1.0 or later

A second important scoping point is exposure history. Even if you patch immediately, prior exposure may still matter. Because this is a private key disclosure issue, patching stops future leakage but does not guarantee the key was not already collected. If the vulnerable endpoint was internet-reachable or accessible to untrusted internal users, you should evaluate it as a potential key compromise event and plan incident-response actions accordingly.

Exploitation Status, PoC Status, and Risk Assessment

Based on the supplied research, exploitation in the wild is not confirmed. The provided CISA KEV lookup shows the CVE is not currently listed, which means there is no KEV-backed confirmation of active exploitation in this dataset. That is useful context for prioritization, but it should not be interpreted as evidence of safety or low exploitability.

Also based on the provided sources, no public proof of concept was identified. That means defenders should avoid overstating the threat landscape. It would be inaccurate to claim a released exploit or broad attacker activity without evidence. However, this is one of those cases where the absence of a public PoC does not materially reduce urgency. The issue description itself explains the exploitation path: a public endpoint intended to expose key material incorrectly returns EC private key components. If true in a given deployment, the exploitation logic is direct.

From a defender’s perspective, the right assumption is that any exposed EC signing key may already be considered compromised if the affected endpoint was reachable before remediation. That assumption is conservative, but appropriate. Cryptographic signing keys are high-trust assets, and compromise changes the security posture of every relying service that accepts those tokens. Even if you find no signs of abuse, key rotation and trust review are prudent response steps after patching.

ResponderRunbook · act now

How to Verify Whether You Are Affected

Start by determining the deployed version of UAA or CF Deployment and whether the environment uses EC or RSA for JWT signing. If you are in the vulnerable version ranges and use EC signing, treat the instance as affected. If you are in-range but cannot quickly determine the signing algorithm, assume exposure until proven otherwise and prioritize remediation.

You should also inspect the /token_keys endpoint response in a controlled manner. The endpoint is intended to return public verification data. If you see fields or values that indicate private key material for an EC key, that is a direct sign of exposure. Be careful when handling any response data: if it contains sensitive key material, treat any copies, shell history, proxy logs, and debug captures as potentially sensitive incident artifacts.

Technical Notes

A basic check of the public endpoint may look like this:

curl -sk https://uaa.example.com/token_keys | jq .

To quickly inspect whether the response appears to include EC key details, you can save and review it offline:

curl -sk https://uaa.example.com/token_keys -o token_keys.json
jq . token_keys.json

Version checks will vary by deployment model. Where release metadata is accessible, record the exact deployed version and compare it to the affected ranges:

# Example placeholder workflow: confirm release metadata in your deployment records
grep -R "uaa_release" ./deployment-manifests ./ops-files 2>/dev/null
grep -R "cf-deployment" ./deployment-manifests ./ops-files 2>/dev/null

If you do not have a clean way to inspect release metadata centrally, assume the deployment is vulnerable when it falls within the maintenance window described by your internal change records and patch first. The risk of delay is higher than the inconvenience of expedited verification.

Detection and Threat Hunting Guidance

Detection for this issue has two tracks: evidence of vulnerable exposure and evidence of possible abuse after key disclosure. First, review HTTP access logs, reverse proxy logs, load balancer logs, WAF telemetry, and application access records for requests to /token_keys. Because the endpoint is expected to be public in many deployments, access alone is not proof of compromise. What matters is unusual volume, unexpected source ranges, spikes around disclosure dates, or access from reconnaissance infrastructure that has no business querying token verification metadata.

Second, hunt for suspicious JWT usage patterns downstream. A stolen signing key can enable forged tokens that validate correctly unless token consumers perform additional checks. Look for unusual claims, unfamiliar client IDs, anomalous issuer or audience combinations, privilege jumps, or successful authentication events inconsistent with user behavior. Exact detections will depend on your logging maturity. If token claims are not logged, defenders should at minimum review access patterns to sensitive APIs and administrative operations around the time /token_keys was accessed.

Technical Notes

A simple web log pattern to search for is repeated access to the endpoint:

grep -E '"(GET|HEAD) /token_keys' /var/log/nginx/access.log*

Example suspicious access pattern in common log format:

203.0.113.45 - - [01/Jun/2026:18:12:03 +0000] "GET /token_keys HTTP/1.1" 200 1847 "-" "curl/8.7.1"
198.51.100.24 - - [01/Jun/2026:18:12:07 +0000] "GET /token_keys HTTP/1.1" 200 1847 "-" "python-requests/2.32.0"

A Splunk query for endpoint access could look like:

index=proxy OR index=web
("/token_keys" AND (method=GET OR method=HEAD))
| stats count min(_time) as firstSeen max(_time) as lastSeen by src_ip, user_agent, host, status
| sort - count

A simple Sigma-style idea for translation into your SIEM:

title: Cloud Foundry UAA token_keys Access Spike
logsource:
  category: webserver
detection:
  selection:
    cs-uri-stem: "/token_keys"
  condition: selection
fields:
  - c-ip
  - cs-user-agent
  - sc-status
level: medium

Because there is no vendor-published detection artifact in the supplied sources, defenders should assume standard web and proxy logs are the best available telemetry unless their UAA deployment emits richer request logs.

Mitigation and Patching Steps

The primary remediation is to upgrade to a fixed release. The source-backed fixed versions are uaa_release v78.13.0 or later and CF Deployment v56.1.0 or later. If you operate a full CF Deployment, the most straightforward path is typically upgrading CF Deployment to v56.1.0+, which includes the fixed UAA release. If you manage UAA release packaging more directly, upgrade uaa_release to v78.13.0+.

Patching alone is not enough if the environment used EC signing while vulnerable. Because this bug can disclose a signing private key, defenders should rotate the affected EC keys after patching, then evaluate token invalidation and trust propagation. Downstream services that cache keys or trust tokens for extended periods may continue to accept forged tokens unless key rotation and validation state are handled carefully. Also review whether long-lived tokens, refresh tokens, or service-to-service trust chains require additional cleanup.

Technical Notes

Upgrade execution depends on how you manage Cloud Foundry. In BOSH-managed environments, a common workflow is to update release references and deploy:

# Example BOSH-driven workflow
bosh -d cf deploy cf-deployment.yml \
  -o operations/use-compiled-releases.yml \
  -v cf_deployment_version=v56.1.0

If you manage uaa_release directly in your deployment manifests, update the release version to the fixed release and redeploy:

# Example manifest edit pattern
grep -n "name: uaa" -A5 deployment.yml
# set version to v78.13.0 or later, then:
bosh -d uaa deploy deployment.yml

Because exact manifest structure varies, the authoritative action is the version target, not the sample command syntax. If your deployment tooling differs, use the equivalent release bump and redeploy flow in your pipeline. Do not stop at upgrade if EC keys were in use. Rotate the keys as a separate post-patch step using your existing secrets management and UAA key management process. If you do not have a documented key rotation runbook, assume existing tokens may remain trustworthy only after consumers have refreshed the new public key set.

As a temporary workaround, if immediate upgrade is not possible, defenders should reduce exposure by restricting access to /token_keys to only necessary consumers where architecture permits. This may not be operationally safe in every environment because token validation dependencies can break. If you cannot confidently scope consumers, prefer expedited patching over aggressive access controls. In all cases, if EC signing was used, plan key rotation rather than relying on network controls alone.

Response Priorities for Security and Platform Teams

For security teams, the highest priority is deciding whether this was merely a patch event or an incident involving key compromise. The answer depends on whether the environment used EC signing and whether /token_keys was reachable during the affected period. If both conditions were true, treat the signing key as potentially exposed and document the event accordingly. That should trigger key rotation, targeted log review, and an assessment of which applications and APIs trusted those tokens.

For platform teams, the next priority is validating downstream compatibility after remediation. Services that verify JWTs may cache key sets or rely on assumptions about signing algorithms. Test token issuance, verification, and user login flows after the fixed release is deployed and after key rotation occurs. Also communicate clearly with application owners that a trust anchor may have changed. This is especially important in environments with custom token consumers or legacy integrations that do not automatically refresh key metadata.

References

Primary sources for this article:

For further reading on related topics, check out our articles on Database Audit Logging Checklist and Insider Threats.

If you need to brief leadership, the concise message is this: a public endpoint may have exposed a JWT signing private key in affected Cloud Foundry UAA deployments using EC signing, the fix is available now, and environments should patch and rotate keys rather than treating this as a normal version-only upgrade.

This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.

Last verified: 2026-06-01

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.