Executive Summary
A high-severity authentication bypass vulnerability (CVE-2026-41005, CVSS 9.0) has been disclosed in Cloud Foundry UAA (User Account and Authentication), the identity and access management component of the Cloud Foundry platform. The flaw allows an attacker to forge SAML assertions that the UAA will accept as authentic, effectively bypassing authentication and potentially gaining unauthorized access to Cloud Foundry resources.
CVSS Score: 9.0 (High)
The root cause is an improper trust relationship: UAA incorrectly treats XML encryption (which guarantees confidentiality) as a substitute for XML signature verification (which guarantees authenticity) in two SAML flows — the OAuth 2.0 SAML2 bearer grant and browser SSO when wantAssertionSigned is set to false.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-41005 |
| CVSS Score | 9.0 (High) |
| CWE | CWE-347: Improper Verification of Cryptographic Signature |
| Attack Vector | Network |
| Affected Component | Cloud Foundry UAA |
| Affected Flows | OAuth 2.0 SAML2 bearer grant; Browser SSO (ACS) |
| Trigger Condition | wantAssertionSigned=false |
| Published | 2026-06-11 |
Affected Products
| Vendor | Product | Vulnerable Condition |
|---|---|---|
| Cloud Foundry | UAA (User Account & Authentication) | wantAssertionSigned = false in SAML SP config |
Vulnerability Details
SAML Encryption vs. Signature: A Critical Distinction
SAML assertions rely on two separate cryptographic mechanisms that serve distinct security purposes:
- XML Encryption — encrypts the assertion content so only the intended recipient (Service Provider) can read it. This protects confidentiality.
- XML Signature — cryptographically signs the assertion so the recipient can verify it was issued by the trusted Identity Provider. This protects authenticity and integrity.
These two controls are independent. An assertion can be encrypted but unsigned, in which case it is confidential but not authenticated — meaning any party that holds the Service Provider's public encryption key (the key the SP publishes so that IdPs can encrypt to it) could craft a valid-looking encrypted assertion that was never issued by the IdP.
CVE-2026-41005 exploits this distinction. Cloud Foundry UAA incorrectly assumed that if an assertion was properly encrypted (only the SP could decrypt it), it must have come from the trusted IdP. This assumption is wrong — encryption only protects the contents in transit; it does not prove the identity of the sender.
Affected SAML Flows
Two specific flows are vulnerable when wantAssertionSigned=false:
1. OAuth 2.0 SAML2 Bearer Grant (Token Endpoint)

```text
Attacker → UAA Token Endpoint (POST /oauth/token)
Body: grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer
      assertion=<crafted_encrypted_unsigned_saml_assertion>
UAA: Decrypts assertion successfully ✓
UAA: Checks signature → wantAssertionSigned=false, SKIPPED
UAA: Issues OAuth token for claimed identity ← Authentication Bypass
```

2. Browser SSO via ACS (Assertion Consumer Service)

```text
Attacker → UAA ACS Endpoint (POST /saml/SSO/alias/...)
Body: SAMLResponse=<crafted_encrypted_unsigned_saml_response>
UAA: Decrypts SAMLResponse successfully ✓
UAA: Signature check skipped (wantAssertionSigned=false)
UAA: Establishes session for attacker-specified identity ← Authentication Bypass
```

Attack Requirements
To exploit this vulnerability, an attacker needs:
- The Service Provider's encryption certificate/public key — used to encrypt the forged assertion. This may be obtainable from the SP metadata endpoint (often publicly exposed at /saml/metadata).
- Network access to the UAA SAML endpoints.
- The target UAA must be configured with wantAssertionSigned=false for the target SAML Identity Provider.
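The distinction the two sections above draw (decryption proves only that a message was encrypted to the SP; a signature proves who issued it) is easier to see in code. The following is an added example written for this advisory, not UAA's code: a toy SP-side validator with the same wantAssertionSigned switch. The names Assertion, Encrypt, Decrypt, Sign, Validate, Outcome and Scenario are this example's own, the keys are generated on the spot, and it simplifies the real formats (RSA-OAEP on a small JSON document stands in for XML Encryption's key-wrapping scheme, an ECDSA signature for XML-DSig). The forger holds nothing but the SP public key, which is exactly what a published metadata document gives away.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion is a toy stand-in for a SAML <Assertion>: a subject plus an optional
// IdP signature over it (a real assertion carries an XML-DSig <Signature>).
type Assertion struct {
	Subject   string `json:"subject"`
	Signature []byte `json:"signature,omitempty"`
}

// Encrypt plays the role of XML Encryption: it needs only the SP public key that
// SP metadata publishes (RSA-OAEP on the small JSON stands in for the key-wrapping scheme).
func Encrypt(spPub *rsa.PublicKey, a Assertion) ([]byte, error) {
	plain, err := json.Marshal(a)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, plain, nil)
}

// Decrypt is the SP's step; success proves the blob was encrypted *to* the SP, nothing more.
func Decrypt(spPriv *rsa.PrivateKey, ciphertext []byte) (Assertion, error) {
	var a Assertion
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, spPriv, ciphertext, nil)
	if err != nil {
		return a, err
	}
	return a, json.Unmarshal(plain, &a)
}

// Sign is the IdP's step: only the IdP private key can produce this value.
func Sign(idpPriv *ecdsa.PrivateKey, a Assertion) (Assertion, error) {
	h := sha256.Sum256([]byte(a.Subject))
	sig, err := ecdsa.SignASN1(rand.Reader, idpPriv, h[:])
	a.Signature = sig
	return a, err
}

// Validate models the SP-side check. With wantAssertionSigned=false the signature
// check is skipped after a successful decrypt (the vulnerable path); with true it always runs.
func Validate(spPriv *rsa.PrivateKey, idpPub *ecdsa.PublicKey, ciphertext []byte, wantAssertionSigned bool) (string, error) {
	a, err := Decrypt(spPriv, ciphertext)
	if err != nil {
		return "", err
	}
	if !wantAssertionSigned {
		return a.Subject, nil // decrypted == trusted: the flawed assumption behind CVE-2026-41005
	}
	h := sha256.Sum256([]byte(a.Subject))
	if !ecdsa.VerifyASN1(idpPub, h[:], a.Signature) {
		return "", errors.New("assertion is not signed by the trusted IdP")
	}
	return a.Subject, nil
}

// Outcome records which subject each configuration authenticates ("" = rejected):
// the forged blob under false, the same blob under true, and the IdP-signed one under true.
type Outcome struct{ ForgedUnsigned, ForgedStrict, LegitStrict string }

// Scenario generates constructed SP (RSA) and IdP (ECDSA) keys, builds a forged
// assertion from nothing but the SP public key, and a legitimate IdP-signed one.
func Scenario() (Outcome, error) {
	spKey, errSP := rsa.GenerateKey(rand.Reader, 2048)
	idpKey, errIdP := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if errSP != nil || errIdP != nil {
		return Outcome{}, errors.New("key generation failed")
	}
	forged, errF := Encrypt(&spKey.PublicKey, Assertion{Subject: "impersonated-user"})
	signed, errS := Sign(idpKey, Assertion{Subject: "alice"})
	legit, errL := Encrypt(&spKey.PublicKey, signed)
	for _, e := range []error{errF, errS, errL} {
		if e != nil {
			return Outcome{}, e
		}
	}
	var out Outcome
	out.ForgedUnsigned, _ = Validate(spKey, &idpKey.PublicKey, forged, false)
	out.ForgedStrict, _ = Validate(spKey, &idpKey.PublicKey, forged, true)
	out.LegitStrict, _ = Validate(spKey, &idpKey.PublicKey, legit, true)
	return out, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out) // {ForgedUnsigned:impersonated-user ForgedStrict: LegitStrict:alice}
}
```

The three results are the whole story of the CVE: the same forged blob is accepted under wantAssertionSigned=false and rejected under true, while the genuinely IdP-signed assertion still passes under true. Note that the vulnerable path never consults the IdP key at all; the only key material it uses is the SP's own, which is why rotating the SP encryption key (mitigation 2) limits exposure but only enforcing the signature check (mitigation 1) removes the flaw.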
Impact
A successful exploit allows an attacker to:
- Impersonate any user in the Cloud Foundry environment, including administrators
- Obtain valid OAuth tokens for arbitrary user identities
- Establish authenticated browser sessions as any user
- Access Cloud Foundry resources — apps, spaces, orgs — with the privileges of the impersonated user
Deployment Context and Risk
| Configuration | Risk Level | Notes |
|---|---|---|
| wantAssertionSigned=false + SP metadata publicly exposed | Critical | Attacker can obtain SP cert from metadata and forge assertions immediately |
| wantAssertionSigned=false + SP metadata restricted | High | Attacker with metadata access or cert knowledge can exploit |
| wantAssertionSigned=true | Not vulnerable | Signature verification enforced; this CVE does not apply |
Recommended Mitigations
1. Enable Signature Verification (Primary Fix)
Set wantAssertionSigned=true in your UAA SAML Service Provider configuration:
```yaml
# UAA configuration (uaa.yml or bosh manifest)
login:
  saml:
    wantAssertionSigned: true   # CRITICAL: ensure this is true
```

This ensures UAA validates the XML signature on every SAML assertion, regardless of encryption status.
2. Rotate SP Encryption Keys
If the SP metadata endpoint was publicly accessible, assume the encryption certificate is known to potential attackers. Rotate the SAML SP encryption key pair:
```text
# UAA SAML key rotation (Cloud Foundry BOSH)
# Update the saml.serviceProviderKey and saml.serviceProviderKeyPassword
# in the UAA BOSH deployment manifest, then redeploy
```

3. Restrict SAML Endpoint Access
Limit network access to the UAA SAML ACS and token endpoints to trusted networks where possible.
4. Audit SAML-Based Authentications
Review UAA audit logs for suspicious SAML authentication events, especially:
- Authentications for high-privilege accounts (admins, operators)
- Authentications from unexpected source IPs
- Token grants using the SAML2 bearer flow
```shell
# Cloud Foundry UAA audit log (example query)
cf curl '/v2/events?q=type:audit.user.authenticate' | grep saml
```

5. Apply Vendor Patch
Apply the official Cloud Foundry UAA patch when released, and monitor the Cloud Foundry Security Advisories (see References) for its availability.
Post-Remediation Checklist
- Verify wantAssertionSigned=true is set and UAA has been redeployed
- Rotate SAML SP encryption certificate if SP metadata was publicly accessible
- Audit recent SAML authentication events for anomalous activity
- Review OAuth tokens issued via the SAML2 bearer grant flow and revoke suspicious tokens
- Test SAML login flows after configuration change to confirm legitimate auth still works
- Monitor UAA logs for continued anomalous SAML assertions post-remediation
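The first two checklist items can be confirmed from the outside against what the running SP actually publishes, rather than from the manifest alone. The program below is an added example, not part of this advisory or of UAA: it parses an SP metadata document (the kind served at /saml/metadata) and reports whether the SPSSODescriptor declares WantAssertionsSigned="true" and whether the encryption KeyDescriptor still carries a retired certificate. It assumes, as a standard SAML 2.0 metadata property, that the SP's published WantAssertionsSigned attribute reflects its effective wantAssertionSigned setting; confirm that against your own deployment. The sample metadata, its entityID and the certificate value are constructed placeholders; the names CheckSPMetadata, Finding and normalizeCert belong to this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// The few SAML 2.0 metadata elements the check needs. encoding/xml matches on
// local name, so the md:/ds: namespace prefixes in real metadata do not matter.
type EntityDescriptor struct {
	XMLName  xml.Name        `xml:"EntityDescriptor"`
	EntityID string          `xml:"entityID,attr"`
	SP       SPSSODescriptor `xml:"SPSSODescriptor"`
}

type SPSSODescriptor struct {
	WantAssertionsSigned string          `xml:"WantAssertionsSigned,attr"`
	Keys                 []KeyDescriptor `xml:"KeyDescriptor"`
}

type KeyDescriptor struct {
	Use  string `xml:"use,attr"`
	Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
}

// Finding is one checklist result.
type Finding struct {
	Check  string
	Passed bool
	Detail string
}

// normalizeCert strips the line breaks metadata generators wrap into base64 certs.
func normalizeCert(c string) string { return strings.Join(strings.Fields(c), "") }

// CheckSPMetadata parses published SP metadata and reports whether the SP
// declares WantAssertionsSigned="true" and whether any encryption-capable
// certificate is still one of the retired (pre-rotation) certificates.
func CheckSPMetadata(metadataXML string, retiredCerts []string) ([]Finding, error) {
	var ed EntityDescriptor
	if err := xml.Unmarshal([]byte(metadataXML), &ed); err != nil {
		return nil, err
	}
	retired := map[string]bool{}
	for _, c := range retiredCerts {
		retired[normalizeCert(c)] = true
	}
	findings := []Finding{{
		Check:  "WantAssertionsSigned",
		Passed: strings.EqualFold(ed.SP.WantAssertionsSigned, "true"),
		Detail: fmt.Sprintf("%s declares WantAssertionsSigned=%q", ed.EntityID, ed.SP.WantAssertionsSigned),
	}}
	for _, k := range ed.SP.Keys {
		if k.Use != "encryption" && k.Use != "" { // an absent use= means signing and encryption
			continue
		}
		stale := retired[normalizeCert(k.Cert)]
		detail := "encryption certificate is not a retired one"
		if stale {
			detail = "encryption certificate is a retired one; rotation not in effect"
		}
		findings = append(findings, Finding{Check: "encryption key rotated", Passed: !stale, Detail: detail})
	}
	return findings, nil
}

// sampleMetadata is constructed, shaped like what an SP publishes at its metadata
// endpoint; the certificate value is a placeholder, not a real certificate.
const sampleMetadata = `<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://uaa.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        PLACEHOLDER-OLD-ENCRYPTION-CERT
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>`

func main() {
	findings, err := CheckSPMetadata(sampleMetadata, []string{"PLACEHOLDER-OLD-ENCRYPTION-CERT"})
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		status := "FAIL"
		if f.Passed {
			status = "PASS"
		}
		fmt.Printf("[%s] %s: %s\n", status, f.Check, f.Detail)
	}
}
```

Run against the constructed sample, both checks fail, which is the pre-remediation state; pointing CheckSPMetadata at metadata fetched from the real endpoint after the redeploy, with the old certificate in retiredCerts, gives a repeatable confirmation that the change actually took effect on the instance answering requests.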
References
- CVE-2026-41005 — NVD
- Cloud Foundry Security Advisories
- CWE-347: Improper Verification of Cryptographic Signature — MITRE
- SAML Security Cheat Sheet — OWASP