Skip to main content

Coder CVE-2026-55429

| EUVDEUVD-2026-42135 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-06 https://github.com/coder/coder GHSA-9rjw-3gwp-f59v
8.7
CVSS 3.1 · Vendor: https://github.com/coder/coder
Share

Severity by source

Vendor (https://github.com/coder/coder) PRIMARY
8.7 HIGH
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
vuln.today AI
8.7 HIGH

Network API reachable (AV:N/AC:L) but attacker must be a template author or provisioner operator (PR:H); rebinding another user's workspace crosses an authz boundary (S:C) yielding traffic interception (C:H/I:H), with no availability loss (A:N).

3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (https://github.com/coder/coder).

CVSS VectorVendor: https://github.com/coder/coder

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 21:52 vuln.today

DescriptionCVE.org

Summary

UpsertWorkspaceApp overwrites an existing app's agent_id on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization layer does not block the cross-workspace upsert.

> Note: Exploitation requires elevated access as a template author or external provisioner operator.

Impact

A user with template authorship or external provisioner access can submit a CompleteJob payload with a known victim app UUID and an attacker-controlled agent ID. On completion of the attacker's build the victim's app row is rebound to the attacker's agent so later app traffic such as IDE and terminal sessions is proxied to the attacker's workspace. App UUIDs are discoverable through the public API.

Patches

The fix verifies that any existing workspace_apps row matching the supplied ID belongs to the workspace being built and rejects cross-workspace agent reassignment.

The fix was backported to all supported release lines:

Release linePatched version
2.34v2.34.2
2.33v2.33.8
2.32v2.32.7
2.29 (ESR)v2.29.17

Workarounds

None. Upgrading is required.

Resources

  • Fix: #26103

Credits

Coder would like to thank Anthropic's Security Team (ANT-2026-22441) for independently disclosing this issue!

AnalysisAI

Cross-workspace agent hijacking in Coder (self-hosted cloud development environment platform) lets a user with template-authorship or external-provisioner privileges rebind another user's workspace app to an attacker-controlled agent. By submitting a crafted CompleteJob payload referencing a known victim app UUID, the attacker causes later app traffic - including IDE and terminal sessions - to be proxied through their own workspace, enabling interception. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain template-author or provisioner access
Delivery
Enumerate victim app UUID via public API
Exploit
Craft CompleteJob with victim UUID + attacker agent ID
Execution
Trigger attacker workspace build
Persist
Victim app row rebound to attacker agent
Impact
Victim IDE/terminal traffic proxied to attacker

Vulnerability AssessmentAI

Exploitation Exploitation requires elevated Coder access - specifically template-authorship rights or control of an external provisioner - because the malicious app-to-agent rebinding is smuggled through the provisioner's CompleteJob payload, which runs under the dbauthz.AsProvisionerd context. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N, base 8.7 reflecting the scope-changed high confidentiality/integrity impact) is internally consistent with the description: network-reachable API, low complexity, but high privileges required (PR:H) because the attacker must already be a template author or external provisioner operator. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds template-author rights (or operates an external provisioner) enumerates a victim's workspace app UUID via the public API, then triggers a build of their own workspace whose CompleteJob payload references that victim UUID paired with the attacker's own agent ID. On build completion the victim's app row is rebound, and the victim's subsequent IDE and terminal sessions are proxied through the attacker's workspace, allowing interception. …
Remediation Upgrade to a patched build for your release line: Vendor-released patch v2.34.2, v2.33.8, v2.32.7, or v2.29.17 (2.29 ESR), per the coder/coder advisory GHSA-9rjw-3gwp-f59v and PR #26103, which adds verification that any existing workspace_apps row matching the supplied ID belongs to the workspace being built and rejects cross-workspace agent reassignment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Coder instances to identify users with template-authorship or external-provisioner privileges; review workspace agent binding logs for unauthorized rebinding activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy