Description
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS.
Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Published: 2026-07-09
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Cloudfoundry
Cloudfoundry cf-deployment
Cloudfoundry uaa
Vendors & Products Cloudfoundry
Cloudfoundry cf-deployment
Cloudfoundry uaa

Thu, 09 Jul 2026 07:00:00 +0000

Type Values Removed Values Added
Description A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Title LDAP StartTLS unconditionally disables hostname verification
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N'}

cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Cloudfoundry Cf-deployment Uaa
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-07-09T12:49:24.260Z

Reserved: 2026-05-20T10:00:51.003Z

Link: CVE-2026-47840

cve-icon Vulnrichment

Updated: 2026-07-09T12:49:17.939Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T08:30:03Z

Weaknesses

No weakness.