CVE-2026-55432 in Coder정보

요약

\~에 의해 MITRE • 2026. 07. 08.

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. As a workaround, disable wildcard app hostnames (`CODER_WILDCARD_ACCESS_URL`) to block subdomain-based app routing.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

GitHub M

예약하다

2026. 06. 16.

모더레이션

수락

항목

VDB-376754

EPSS

0.00000

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!