Product
The AI Bridge Proxy (`aibridgeproxyd`) in Coder's platform, when running in its default configuration without an upstream proxy, failed to perform TLS certificate verification for outbound HTTPS connections to the Coder server (CVE-2026-55436), allowing an on-path attacker to intercept sensitive data including Coder session tokens, user-supplied API keys, and full request/response bodies.