{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ai-bridge-proxy-vulnerable--2.33.0--2.33.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AI Bridge Proxy (vulnerable: \u003e= 2.34.0, \u003c 2.34.2)","AI Bridge Proxy (vulnerable: \u003e= 2.33.0, \u003c 2.33.8)","AI Bridge Proxy (vulnerable: \u003e= 2.30.0, \u003c 2.32.7)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","man-in-the-middle","tls","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":["Coder"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-55436, has been identified in the Coder AI Bridge Proxy (\u003ccode\u003eaibridgeproxyd\u003c/code\u003e), affecting versions 2.30.0 through 2.34.1. The proxy, when operating in its default configuration without an explicit upstream proxy, was found to set \u003ccode\u003eInsecureSkipVerify: true\u003c/code\u003e for outbound HTTPS connections to the Coder access URL. This misconfiguration allows the proxy to accept any TLS certificate, bypassing essential verification. An attacker with a Man-in-the-Middle (MITM) position between the AI Bridge Proxy and the Coder server could exploit this to intercept sensitive communications. This vulnerability poses a significant risk to the confidentiality of Coder session tokens, user-supplied provider API keys, and all data exchanged, including prompts and completions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Positioning\u003c/strong\u003e: An attacker gains a Man-in-the-Middle (MITM) position on the network path between the AI Bridge Proxy and the Coder server. This can be achieved through methods like ARP spoofing, DNS poisoning, or by gaining control over environment variables (e.g., \u003ccode\u003eHTTP_PROXY\u003c/code\u003e, \u003ccode\u003eHTTPS_PROXY\u003c/code\u003e) that redirect proxy traffic.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOutbound Connection\u003c/strong\u003e: The \u003ccode\u003eaibridgeproxyd\u003c/code\u003e service initiates an outbound HTTPS connection to the Coder server's access URL to fetch or send data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTLS Interception\u003c/strong\u003e: The attacker intercepts this HTTPS connection and presents a forged TLS certificate to the AI Bridge Proxy.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCertificate Acceptance\u003c/strong\u003e: Due to the \u003ccode\u003eInsecureSkipVerify: true\u003c/code\u003e setting in the default configuration, the AI Bridge Proxy fails to validate the attacker's forged TLS certificate and establishes a seemingly secure connection with the attacker.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTraffic Decryption\u003c/strong\u003e: The attacker, now acting as an intermediary, can decrypt the traffic flowing between the proxy and the Coder server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSensitive Data Interception\u003c/strong\u003e: The attacker extracts sensitive information from the intercepted traffic, including Coder session tokens, user-supplied provider API keys (BYOK), and the full request and response bodies, which may contain AI prompts and completions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact Fulfillment\u003c/strong\u003e: The attacker can use the stolen session tokens or API keys to impersonate users, access data, or perform unauthorized actions within the Coder environment or linked services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-55436 allows an attacker to intercept highly sensitive data in transit between the AI Bridge Proxy and the Coder server. This includes Coder session tokens, which could be used for session hijacking and unauthorized access, as well as user-supplied provider API keys (Bring Your Own Key - BYOK) for AI services, leading to compromise of those external accounts. Furthermore, the attacker can access entire request and response bodies, exposing confidential prompts and AI-generated completions. Organizations utilizing Coder deployments where the AI Bridge Proxy communicates with the Coder server over a network path vulnerable to MITM attacks are at risk of significant data breaches and potential credential compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch all affected Coder AI Bridge Proxy installations to the latest patched versions: \u003ccode\u003ev2.34.2\u003c/code\u003e, \u003ccode\u003ev2.33.8\u003c/code\u003e, or \u003ccode\u003ev2.32.7\u003c/code\u003e to address CVE-2026-55436.\u003c/li\u003e\n\u003cli\u003eEnsure the Coder access URL uses a trusted certificate to prevent easy spoofing in case of an existing MITM.\u003c/li\u003e\n\u003cli\u003eSecure the network path between the AI Bridge Proxy and the Coder server, for example, by ensuring they are co-located over loopback or by implementing mutual TLS (mTLS) for enhanced authentication.\u003c/li\u003e\n\u003cli\u003eAudit network configurations to identify and mitigate potential Man-in-the-Middle attack vectors, such as insecure DNS configurations or ARP spoofing vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T21:16:13Z","date_published":"2026-07-06T21:16:13Z","id":"https://feed.craftedsignal.io/briefs/2026-07-coder-ai-bridge-proxy-tls-bypass/","summary":"The AI Bridge Proxy (`aibridgeproxyd`) in Coder's platform, when running in its default configuration without an upstream proxy, failed to perform TLS certificate verification for outbound HTTPS connections to the Coder server (CVE-2026-55436), allowing an on-path attacker to intercept sensitive data including Coder session tokens, user-supplied API keys, and full request/response bodies.","title":"Coder AI Bridge Proxy TLS Certificate Verification Bypass (CVE-2026-55436)","url":"https://feed.craftedsignal.io/briefs/2026-07-coder-ai-bridge-proxy-tls-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - AI Bridge Proxy (Vulnerable: \u003e= 2.33.0, \u003c 2.33.8)","version":"https://jsonfeed.org/version/1.1"}