<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>AI Bridge Proxy (Vulnerable: &gt;= 2.30.0, &lt; 2.32.7) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/ai-bridge-proxy-vulnerable--2.30.0--2.32.7/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 21:16:13 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/ai-bridge-proxy-vulnerable--2.30.0--2.32.7/feed.xml" rel="self" type="application/rss+xml"/><item><title>Coder AI Bridge Proxy TLS Certificate Verification Bypass (CVE-2026-55436)</title><link>https://feed.craftedsignal.io/briefs/2026-07-coder-ai-bridge-proxy-tls-bypass/</link><pubDate>Mon, 06 Jul 2026 21:16:13 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-coder-ai-bridge-proxy-tls-bypass/</guid><description>The AI Bridge Proxy (`aibridgeproxyd`) in Coder's platform, when running in its default configuration without an upstream proxy, failed to perform TLS certificate verification for outbound HTTPS connections to the Coder server (CVE-2026-55436), allowing an on-path attacker to intercept sensitive data including Coder session tokens, user-supplied API keys, and full request/response bodies.</description><content:encoded><![CDATA[<p>A critical vulnerability, CVE-2026-55436, has been identified in the Coder AI Bridge Proxy (<code>aibridgeproxyd</code>), affecting versions 2.30.0 through 2.34.1. The proxy, when operating in its default configuration without an explicit upstream proxy, was found to set <code>InsecureSkipVerify: true</code> for outbound HTTPS connections to the Coder access URL. This misconfiguration allows the proxy to accept any TLS certificate, bypassing essential verification. An attacker with a Man-in-the-Middle (MITM) position between the AI Bridge Proxy and the Coder server could exploit this to intercept sensitive communications. This vulnerability poses a significant risk to the confidentiality of Coder session tokens, user-supplied provider API keys, and all data exchanged, including prompts and completions.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Access / Positioning</strong>: An attacker gains a Man-in-the-Middle (MITM) position on the network path between the AI Bridge Proxy and the Coder server. This can be achieved through methods like ARP spoofing, DNS poisoning, or by gaining control over environment variables (e.g., <code>HTTP_PROXY</code>, <code>HTTPS_PROXY</code>) that redirect proxy traffic.</li>
<li><strong>Outbound Connection</strong>: The <code>aibridgeproxyd</code> service initiates an outbound HTTPS connection to the Coder server's access URL to fetch or send data.</li>
<li><strong>TLS Interception</strong>: The attacker intercepts this HTTPS connection and presents a forged TLS certificate to the AI Bridge Proxy.</li>
<li><strong>Certificate Acceptance</strong>: Due to the <code>InsecureSkipVerify: true</code> setting in the default configuration, the AI Bridge Proxy fails to validate the attacker's forged TLS certificate and establishes a seemingly secure connection with the attacker.</li>
<li><strong>Traffic Decryption</strong>: The attacker, now acting as an intermediary, can decrypt the traffic flowing between the proxy and the Coder server.</li>
<li><strong>Sensitive Data Interception</strong>: The attacker extracts sensitive information from the intercepted traffic, including Coder session tokens, user-supplied provider API keys (BYOK), and the full request and response bodies, which may contain AI prompts and completions.</li>
<li><strong>Impact Fulfillment</strong>: The attacker can use the stolen session tokens or API keys to impersonate users, access data, or perform unauthorized actions within the Coder environment or linked services.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-55436 allows an attacker to intercept highly sensitive data in transit between the AI Bridge Proxy and the Coder server. This includes Coder session tokens, which could be used for session hijacking and unauthorized access, as well as user-supplied provider API keys (Bring Your Own Key - BYOK) for AI services, leading to compromise of those external accounts. Furthermore, the attacker can access entire request and response bodies, exposing confidential prompts and AI-generated completions. Organizations utilizing Coder deployments where the AI Bridge Proxy communicates with the Coder server over a network path vulnerable to MITM attacks are at risk of significant data breaches and potential credential compromise.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately patch all affected Coder AI Bridge Proxy installations to the latest patched versions: <code>v2.34.2</code>, <code>v2.33.8</code>, or <code>v2.32.7</code> to address CVE-2026-55436.</li>
<li>Ensure the Coder access URL uses a trusted certificate to prevent easy spoofing in case of an existing MITM.</li>
<li>Secure the network path between the AI Bridge Proxy and the Coder server, for example, by ensuring they are co-located over loopback or by implementing mutual TLS (mTLS) for enhanced authentication.</li>
<li>Audit network configurations to identify and mitigate potential Man-in-the-Middle attack vectors, such as insecure DNS configurations or ARP spoofing vulnerabilities.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>man-in-the-middle</category><category>tls</category><category>data-exfiltration</category></item></channel></rss>