Cloud Foundry CAPI and CF Deployment Unprotected Internal Endpoint Vulnerability Allowing Code Injection

Vulnerability

A vulnerability exists in Cloud Foundry CAPI Release 1.226.0 and earlier, as well as CF Deployment v54.9.0 and earlier, on all platforms. It arises from unprotected internal endpoints that allow users who have bypassed the firewall to potentially replace application droplets. By doing so, they could inject malicious code into the application environment and access secure application information.

Impact

Exploitation of this vulnerability could lead to unauthorized code injection into Cloud Foundry applications by replacing application droplets, potentially allowing access to sensitive application data.

Remediation

Users are advised to upgrade Cloud Foundry CAPI Release to version 1.227.0 or greater and CF Deployment to version 54.10.0 or greater.
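The following check is an added example, not code from the advisory or from the Cloud Foundry project. It compares deployed versions against the fixed versions named above, field by field, because a plain string comparison would rank 54.9.0 above 54.10.0. The function names and the sample versions are assumptions; supply the versions from your own deployment.

```shell
#!/bin/sh
# Added example. Thresholds are the fixed versions named in the advisory.
CAPI_FIXED="1.227.0"
CF_DEPLOYMENT_FIXED="54.10.0"

# version_ge A B: succeed when version A >= version B.
# Dot-separated fields are compared numerically, so 54.10.0 > 54.9.0.
# A leading "v" is ignored and missing fields count as 0.
version_ge() {
    a=${1#v}; b=${2#v}
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# patch_status NAME DEPLOYED FIXED (hypothetical helper).
# Returns 0 = patched, 1 = vulnerable, 2 = version could not be parsed.
patch_status() {
    case "${2#v}" in
        ''|*[!0-9.]*) echo "$1 $2: unparseable version, check manually"; return 2 ;;
    esac
    if version_ge "$2" "$3"; then
        echo "$1 $2: patched (>= $3)"
    else
        echo "$1 $2: VULNERABLE, upgrade to $3 or greater"
        return 1
    fi
}

# Constructed sample input; replace with the versions you actually run.
patch_status "capi-release"  "1.226.0"  "$CAPI_FIXED"          || true
patch_status "cf-deployment" "v54.9.0"  "$CF_DEPLOYMENT_FIXED" || true
patch_status "cf-deployment" "v54.10.0" "$CF_DEPLOYMENT_FIXED" || true
```

Versions with suffixes such as pre-release tags return status 2 rather than being guessed at, so they are not silently reported as patched.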

Added: Mar 17, 2026, 11:38 PM
Updated: Mar 17, 2026, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.