Skip to main content

Coder AI Bridge CVE-2026-55434

| EUVDEUVD-2026-42086 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-06 https://github.com/coder/coder GHSA-f5vp-w269-392g
6.5
CVSS 3.1 · Vendor: https://github.com/coder/coder
Share

Severity by source

Vendor (https://github.com/coder/coder) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Network-reachable HTTP endpoint (AV:N), trivial to exploit (AC:L), member-level auth required (PR:L), availability-only impact crashing coderd in-process (A:H, S:U).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/coder/coder).

CVSS VectorVendor: https://github.com/coder/coder

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 22:37 vuln.today

DescriptionCVE.org

Summary

AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory.

> Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service).

Impact

An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as /api/v2/aibridge/anthropic/v1/messages, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with coderd, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled.

Patches

The fix applies http.MaxBytesReader or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected.

The fix is available in the following releases:

Release linePatched version
2.34v2.34.2
2.33v2.33.8

Workarounds

None.

Resources

  • Fix: #26164

Credits

Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!

AnalysisAI

Memory exhaustion in Coder's AI Bridge feature allows an authenticated member-level user to crash the entire control plane by sending arbitrarily large HTTP request bodies to provider endpoints such as /api/v2/aibridge/anthropic/v1/messages. Because AI Bridge runs in-process with coderd, a single crafted request can grow heap memory until the OS terminates the process, taking down the API server, workspace coordinator, and DERP relay simultaneously. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as member-level Coder user
Delivery
Craft oversized HTTP POST body
Exploit
Submit request to /api/v2/aibridge/anthropic/v1/messages
Execution
io.ReadAll allocates unbounded heap memory
Persist
OS OOM-killer terminates coderd process
Impact
Full control plane (API, workspace coordinator, DERP relay) goes offline

Vulnerability AssessmentAI

Exploitation Exploitation requires three conditions to align: (1) the attacker must hold a valid authenticated Coder session at member-level or higher, as confirmed by CVSS PR:L - unauthenticated exploitation is not possible; (2) the AI Bridge feature must be enabled on the target Coder deployment, since the vulnerable endpoints only exist when this feature is active; (3) the target must be running Coder v2.33.x or v2.34.x - earlier release lines do not contain the AI Bridge code and are not affected. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) scores 6.5 (Medium), which slightly understates the operational impact for Coder deployments: crashing `coderd` disrupts all connected workspaces and administrative functions, not just the AI Bridge. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Coder member logs in with their standard credentials and scripts a POST request to `/api/v2/aibridge/anthropic/v1/messages` with a continuously streaming or pre-allocated multi-gigabyte body. The server reads the entire body into heap memory with no cap, exhausting available RAM until the OS OOM-killer terminates the `coderd` process. …
Remediation Upgrade to v2.34.2 (https://github.com/coder/coder/releases/tag/v2.34.2) or v2.33.8 (https://github.com/coder/coder/releases/tag/v2.33.8) as appropriate for your release line. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy