CVE-2026-22726

MEDIUM
Published May 1, 2026 Modified May 4, 2026 CWE-923

Description

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).

CVSS v3.1 Score

5.0
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

EPSS — Exploit Prediction

0.0004
Probability of exploitation
0.13%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-923 CWE-923

Affected Products

Vendor Product
cloudfoundry cf-deployment
cloudfoundry routing_release

References

Frequently Asked Questions

What is CVE-2026-22726? +
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0). It has a CVSS v3.1 base score of 5.0 (MEDIUM).
How severe is CVE-2026-22726? +
CVE-2026-22726 has a CVSS v3.1 score of 5.0 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0004, placing it in the 0th percentile for exploitation probability.
What products are affected by CVE-2026-22726? +
CVE-2026-22726 affects products from cloudfoundry, specifically: cf-deployment, routing_release. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2026-22726? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-46566 9.8

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the …
CVE-2024-41889 9.8

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by …
CVE-2023-28078 9.1

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated …
CVE-2025-48999 8.8

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior …
CVE-2025-20261 8.8

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS …
CVE-2024-26131 8.4

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-22726 — free, no signup required.

Start Free Scan