Product
A vulnerability, CVE-2026-55076, in Coder's OpenID Connect (OIDC) authentication callback allowed an attacker to bypass email verification due to improper Go boolean type assertion of the `email_verified` claim, leading to full account takeover for existing user accounts.