coder
DevTools & CIcommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting coder.
- CVE-2026-55438Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing5.8
- CVE-2026-55437Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component5.4
- CVE-2026-55436Coder's AI Bridge Proxy skips TLS certificate verification in default configuration7.4
- CVE-2026-55433Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers5.4
- CVE-2026-55432Coder's sub-agent app registration bypasses template port-sharing policy enforcement5.4
- CVE-2026-55431Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps7.7
- CVE-2026-55430Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access5.8
- CVE-2026-55429Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID8.7
- CVE-2026-55428Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator8.2
- CVE-2026-55427Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`8.3
- CVE-2026-55079Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service4.9
- CVE-2026-55078Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service6.5
- CVE-2026-55077Coder: User-admin role can reset owner account password7.2
- CVE-2026-55076Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking7.4
- CVE-2026-55075Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass7.4