Product
An authenticated user can exploit insecure redirect handling in the Coder workspace agent API to redirect API requests from their modified agent to a victim's online agent, enabling unauthorized file read/write operations and potential remote command execution across workspace and tenant boundaries.