Skip to main content

Coder CVE-2026-55436

| EUVDEUVD-2026-42149 HIGH
Improper Certificate Validation (CWE-295)
2026-07-06 https://github.com/coder/coder GHSA-84rm-42xw-mx52
7.4
CVSS 3.1 · Vendor: https://github.com/coder/coder
Share

Severity by source

Vendor (https://github.com/coder/coder) PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
7.4 HIGH

On-path MITM prerequisite makes AC:H; no auth or user interaction (PR:N/UI:N); intercepted tokens/keys give C:H and I:H, with no availability impact (A:N).

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/coder/coder).

CVSS VectorVendor: https://github.com/coder/coder

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 21:59 vuln.today

DescriptionCVE.org

Summary

The AI Bridge Proxy (aibridgeproxyd) created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL accepted any TLS certificate.

> Note: Practical exploitation requires an on-path (man-in-the-middle) position between the AI Bridge Proxy and the Coder server. Deployments where they are co-located over loopback are effectively unaffected.

Impact

An attacker positioned between the proxy and the Coder server, via ARP spoofing, DNS poisoning or control of proxy environment variables, could intercept injected Coder session tokens, user-supplied provider API keys (BYOK) and full request and response bodies including prompts and completions. The default transport also honored HTTP_PROXY and HTTPS_PROXY, allowing environment-based traffic redirection.

Patches

The fix applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally. The AI Bridge Proxy was introduced in v2.30.0. Earlier release lines including the v2.29 ESR line are not affected.

The fix is available in the following releases:

Release linePatched version
2.34v2.34.2
2.33v2.33.8
2.32v2.32.7

Workarounds

Ensure the Coder access URL uses a trusted certificate and secure the network path between the AI Bridge Proxy and the Coder server (for example, loopback or mTLS).

Resources

  • Fix: #26131

Credits

Coder would like to thank Anthropic's Security Team (ANT-2026-22455) for independently disclosing this issue!

AnalysisAI

Man-in-the-middle interception affects the Coder AI Bridge Proxy (aibridgeproxyd), introduced in Coder v2.30.0, where the goproxy default transport set InsecureSkipVerify:true and only used a secure transport when an upstream proxy was configured. In the default no-upstream-proxy configuration, outbound HTTPS to the Coder access URL accepted any TLS certificate, letting an on-path attacker decrypt traffic and steal Coder session tokens, BYOK provider API keys, and full prompt/completion bodies. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain network-adjacent position via ARP/DNS spoofing
Delivery
Present rogue TLS certificate to proxy
Exploit
Default transport skips certificate verification
Execution
Intercept and decrypt HTTPS session
Persist
Capture session tokens and BYOK API keys
Impact
Replay tokens or tamper AI requests

Vulnerability AssessmentAI

Exploitation Exploitation requires the AI Bridge Proxy (aibridgeproxyd) running in its default configuration with NO upstream proxy configured - this is the exact condition that leaves InsecureSkipVerify:true active on the outbound transport to the Coder access URL. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are mostly consistent and point to a real-but-conditional High-severity issue rather than a mass-exploitation emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who gains a network-adjacent position on the segment between an AI Bridge Proxy and the Coder server - for instance via ARP spoofing on a shared LAN or by poisoning DNS resolution for the access URL - presents a rogue TLS certificate that the default proxy transport accepts without validation. They then transparently proxy the HTTPS session, capturing injected Coder session tokens, user-supplied provider API keys, and the full plaintext of AI prompts and completions. …
Remediation Upgrade to a fixed release, which applies the secure transport (TLS 1.2+ validated against system root CAs) unconditionally: Vendor-released patch v2.34.2 (https://github.com/coder/coder/releases/tag/v2.34.2) for the 2.34 line, v2.33.8 for the 2.33 line, or v2.32.7 for the 2.32 line; the underlying fix is PR #26131 (https://github.com/coder/coder/pull/26131). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Coder instances running v2.30.0 or later and determine if they operate without an upstream proxy. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy