CVE-2026-55432 in Coderالمعلومات

الملخص

بحسب MITRE • 08/07/2026

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. As a workaround, disable wildcard app hostnames (`CODER_WILDCARD_ACCESS_URL`) to block subdomain-based app routing.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

مسؤول

GitHub M

حجز

16/06/2026

إفشاء

08/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-376754

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!