CVE-2026-55428 in Coderالمعلومات

الملخص

بحسب MITRE • 08/07/2026

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates each `AllowedIPs` prefix against the authenticating agent's UUID just like `Addresses`. As a workaround, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

مسؤول

GitHub M

حجز

16/06/2026

إفشاء

08/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-376740

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!