CVE-2026-47840
HIGHLDAP StartTLS unconditionally disables hostname verification
CVSS v3
7.5
HIGH
EPSS Score
—
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 7/9/2026
- Last Modified
- 7/9/2026
Frequently Asked Questions
What is CVE-2026-47840?
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Is CVE-2026-47840 actively exploited?
Active exploitation of CVE-2026-47840 has not been confirmed. The EPSS score is N/A%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2026-47840?
CVE-2026-47840 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.
Is CVE-2026-47840 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.