Product
A critical authorization bypass vulnerability (CVE-2026-55429) exists in Coder's workspace application, allowing an attacker with template authorship or external provisioner access to rebind a victim's workspace app to their own agent, enabling them to proxy and compromise the victim's IDE and terminal sessions.