<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Coder &lt; V2.32.9 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/coder--v2.32.9/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 21:57:28 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/coder--v2.32.9/feed.xml" rel="self" type="application/rss+xml"/><item><title>Coder Workspace Agent API Insecure Redirect Handling Allows Cross-Agent File Access and RCE</title><link>https://feed.craftedsignal.io/briefs/2026-07-coder-insecure-redirect/</link><pubDate>Mon, 06 Jul 2026 21:57:28 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-coder-insecure-redirect/</guid><description>An authenticated user can exploit insecure redirect handling in the Coder workspace agent API to redirect API requests from their modified agent to a victim's online agent, enabling unauthorized file read/write operations and potential remote command execution across workspace and tenant boundaries.</description><content:encoded><![CDATA[<p>A critical vulnerability (tracked as GHSA-qrwj-vh9x-gw5v) has been identified in Coder, a developer workspace platform, affecting its workspace agent API's redirect handling. Specifically, the <code>agentConn.apiClient()</code> utilized the default redirect behavior of <code>http.Client</code>, which could be abused by an authenticated user. By controlling a modified workspace agent, an attacker can craft HTTP redirects (e.g., 307 or 308) to point the control-plane client towards a victim agent's internal tailnet IP address. This bypasses security checks and causes subsequent API requests, intended for the attacker's agent, to be sent to the victim's agent instead. This can lead to unauthorized file reading and writing as the victim workspace user. In affected versions that expose the workspace agent process API, this primitive can be chained to achieve arbitrary command execution, effectively allowing attackers to cross workspace and tenant boundaries. The vulnerability affects Coder versions prior to v2.34.4, v2.33.10, v2.32.9, and v2.29.19 (ESR).</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An authenticated user gains control over and modifies a Coder workspace agent within their own workspace.</li>
<li>The attacker, knowing the victim agent's UUID, deterministically calculates the victim agent's tailnet IP address.</li>
<li>The attacker's modified agent returns an HTTP redirect (e.g., 307 or 308) in response to a control-plane client's API request.</li>
<li>The crafted redirect's Location header specifies the derived tailnet IP of the victim agent.</li>
<li>Due to insecure default redirect handling, the control-plane client follows the redirect, sending its subsequent workspace agent API request to the victim agent's IP instead of the intended (attacker's) agent.</li>
<li>The victim agent, processing the request as if it originated legitimately from the control plane, performs the requested action (e.g., file read or write).</li>
<li>If the workspace agent process API is exposed, the attacker writes a malicious payload via the redirected file API.</li>
<li>The attacker then redirects a process-start request to execute the payload, achieving remote command execution as the victim workspace user and crossing workspace/tenant boundaries.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation allows an authenticated user to gain unauthorized access to files and potentially achieve remote code execution (RCE) on other workspace agents within the Coder environment. This means an attacker can read sensitive files, modify critical data, or execute arbitrary commands as the victim workspace user, effectively compromising other users' workspaces and potentially breaching tenant boundaries. The consequence could range from data exfiltration and sabotage to complete compromise of sensitive development environments, leading to intellectual property theft or further network penetration. The vulnerability requires an authenticated user with control over a modified agent but the impact extends beyond their initial scope.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade all Coder installations immediately to a patched version: v2.34.4, v2.33.10, v2.32.9, or v2.29.19 (ESR) or later, as specified in the provided patches section.</li>
<li>Ensure that Coder instances are updated to address GHSA-qrwj-vh9x-gw5v to disable automatic redirect following for workspace agent API clients.</li>
<li>Confirm that all workspace agent API dials pin to the intended agent's deterministic tailnet address and reject requests whose URL host does not match the intended agent, as described in the fix.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>rce</category><category>file-manipulation</category><category>coder</category><category>server-side-request-forgery</category><category>ghsa</category></item></channel></rss>