Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Network-reachable HTTP endpoint (AV:N), trivial to exploit (AC:L), member-level auth required (PR:L), availability-only impact crashing coderd in-process (A:H, S:U).
Primary rating from Vendor (https://github.com/coder/coder).
CVSS VectorVendor: https://github.com/coder/coder
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Summary
AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory.
> Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service).
Impact
An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as /api/v2/aibridge/anthropic/v1/messages, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with coderd, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled.
Patches
The fix applies http.MaxBytesReader or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected.
The fix is available in the following releases:
Workarounds
None.
Resources
- Fix: #26164
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!
AnalysisAI
Memory exhaustion in Coder's AI Bridge feature allows an authenticated member-level user to crash the entire control plane by sending arbitrarily large HTTP request bodies to provider endpoints such as /api/v2/aibridge/anthropic/v1/messages. Because AI Bridge runs in-process with coderd, a single crafted request can grow heap memory until the OS terminates the process, taking down the API server, workspace coordinator, and DERP relay simultaneously. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three conditions to align: (1) the attacker must hold a valid authenticated Coder session at member-level or higher, as confirmed by CVSS PR:L - unauthenticated exploitation is not possible; (2) the AI Bridge feature must be enabled on the target Coder deployment, since the vulnerable endpoints only exist when this feature is active; (3) the target must be running Coder v2.33.x or v2.34.x - earlier release lines do not contain the AI Bridge code and are not affected. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) scores 6.5 (Medium), which slightly understates the operational impact for Coder deployments: crashing `coderd` disrupts all connected workspaces and administrative functions, not just the AI Bridge. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Coder member logs in with their standard credentials and scripts a POST request to `/api/v2/aibridge/anthropic/v1/messages` with a continuously streaming or pre-allocated multi-gigabyte body. The server reads the entire body into heap memory with no cap, exhausting available RAM until the OS OOM-killer terminates the `coderd` process. … |
| Remediation | Upgrade to v2.34.2 (https://github.com/coder/coder/releases/tag/v2.34.2) or v2.33.8 (https://github.com/coder/coder/releases/tag/v2.33.8) as appropriate for your release line. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42086
GHSA-f5vp-w269-392g