Product
high
advisory
Coder Tailnet Vulnerability (CVE-2026-55428) Leads to Route Hijacking
1 TTPA high-severity vulnerability (CVE-2026-55428) in Coder's tailnet coordinator allows a malicious workspace agent to hijack network routes by advertising arbitrary `AllowedIPs` prefixes, enabling interception and spoofing of web terminal and workspace application traffic.
Coder >= 2.34.0, < 2.34.2 +3
vulnerability
cve
route-hijacking
network-attack
supply-chain
1t
high
advisory
Coder OIDC Account Takeover Vulnerabilities (CVE-2026-55075)
2 TTPsTwo critical flaws in Coder's OIDC login mechanism, CVE-2026-55075, allow an attacker to achieve account takeover by exploiting email-based user matching without proper IdP subject checks and bypassing the `email_verified` claim, leading to full access to victim workspaces and resources.
Coder < 2.29.17 +3
oidc
account-takeover
vulnerability
coder
cloud
2t