Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Requires network access but stacked conditions (subdomain routing, no proxy stripping, victim interaction) justify AC:H; attacker needs a shared app account (PR:L); scope changes as routing crosses user-app trust boundaries.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
Summary
The workspace app proxy resolves the target app from httpapi.RequestHost() which prefers the X-Forwarded-Host header over the real Host header. No middleware strips X-Forwarded-Host before routing and the header is not browser-forbidden so client-side JavaScript can set it on fetch() calls.
> Note: Practical exploitation requires subdomain app routing (wildcard hostname) enabled, a victim who visits the attacker's shared app and a deployment whose upstream proxy does not strip X-Forwarded-Host.
Impact
App session cookies are scoped to the wildcard parent domain so the browser attaches them to any app subdomain. An attacker who controls a shared workspace app can serve JavaScript that sends same-site requests with a forged X-Forwarded-Host pointing at a victim's private app. The server routes by the attacker-controlled header but authorizes with the victim's cookie which lets the attacker read the victim's private app responses. Subdomain app routing must be enabled and no upstream proxy may strip X-Forwarded-Host.
Patches
The fix trusts X-Forwarded-Host only from configured trusted proxies and otherwise resolves the routing host from the verified request host.
The fix was backported to all supported release lines:
Workarounds
Place an upstream reverse proxy that strips or overwrites X-Forwarded-Host on untrusted requests.
Resources
- Fix: #26204
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22435) for independently disclosing this issue!
AnalysisAI
Cross-boundary information disclosure in Coder's workspace app proxy allows an attacker who controls a shared workspace app to read a victim user's private app responses by forging the X-Forwarded-Host header. The proxy trusts this client-supplied header for routing decisions while simultaneously authorizing the request with the victim's own session cookie - which the browser attaches to any subdomain because cookies are scoped to the wildcard parent domain - enabling the attacker to steer responses from private apps back through their own JavaScript. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Subdomain app routing must be explicitly enabled in the Coder deployment (wildcard hostname configuration) - without this, the cookie-scoping and header-routing preconditions do not exist. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 5.8 (AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N) accurately reflects the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a Coder account publishes a shared workspace app containing JavaScript that issues a fetch() call to the Coder proxy with a forged X-Forwarded-Host header naming the victim's private app subdomain. When an authenticated victim browses to the attacker's shared app, the browser automatically attaches the wildcard-scoped session cookie; Coder's proxy routes the request to the victim's private app based on the forged header but authorizes it against the victim's cookie, returning the private app's response body to the attacker's script. … |
| Remediation | The primary fix is to upgrade to a patched release: v2.34.2, v2.33.8, v2.32.7, or v2.29.17 (ESR), all available at https://github.com/coder/coder/releases. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42136
GHSA-5g4w-3vw9-478w