Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: coder Clear
ID Title
CVE-2026-55438 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55438)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55438). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55437 Cross-Site Scripting (XSS) in github.com/coder/coder/v2 (CVE-2026-55437)
cross-site scripting in github.com/coder/coder/v2 (CVE-2026-55437). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentLogLine``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55436 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55436)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55436). Confidential information can be exposed externally. Exploitable via ``aibridgeproxyd``. Mitigation: upgrade to `2.32.7` or later.
CVE-2026-55435 Authorization Flaw in github.com/coder/coder/v2 (CVE-2026-55435)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55435). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/v2/users/{user}/keys`. Mitigation: upgrade to `2.32.7` or later.
CVE-2026-55434 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55434)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55434). Risk of unauthorized operations or information disclosure. Exploitable via ``io.ReadAll``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-55433 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55433)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55433). Risk of unauthorized operations or information disclosure. Exploitable via ``ActionRead``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55432 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55432)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55432). Risk of unauthorized operations or information disclosure. Exploitable via ``CreateSubAgent``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55431 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55431)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55431). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55078 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55078)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55078). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/files`. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55430 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55430)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55430). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55428 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55428)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55428). Confidential information can be exposed externally. Exploitable via ``Addresses``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55429 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55429)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55429). Confidential information can be exposed externally. Exploitable via ``UpsertWorkspaceApp``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55079 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55079)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55079). Risk of unauthorized operations or information disclosure. Exploitable via ``NewDataBuilder``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55427 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55427). Successful exploitation can lead to full system takeover. Exploitable via ``HostnameSuffix``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55077 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55077)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55077). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v2/users/{user}/password`. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55075 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55075)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55075). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55076 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55076)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55076). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-44454 OS Command Injection in github.com/coder/coder/v2 (CVE-2026-44454)
OS command injection in github.com/coder/coder/v2 (CVE-2026-44454). Confidential information can be exposed externally. Exploitable via ``dotfiles``. Mitigation: upgrade to `2.30.2` or later.
CVE-2026-46354 Vulnerability in github.com/coder/coder/v2 (CVE-2026-46354)
vulnerability in github.com/coder/coder/v2 (CVE-2026-46354). Confidential information can be exposed externally. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
CVE-2026-45796 SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →