Product

Azure-Instance-Identity

1 brief RSS

Coder Azure Instance Identity PKCS#7 Signature Bypass Leads to Unauthenticated Agent Token Theft (CVE-2026-46354)

Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.

Coder v2 +4 pkcs7 azure instance identity signature bypass unauthenticated access credential theft cve-2026-46354 coder

3r 3t 1d ago