{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/coder-vulnerable--2.33.0--2.33.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Coder (vulnerable: \u003e= 2.34.0, \u003c 2.34.2)","Coder (vulnerable: \u003e= 2.33.0, \u003c 2.33.8)","Coder (vulnerable: \u003e= 2.30.0, \u003c 2.32.7)","Coder (vulnerable: \u003c 2.29.17)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","privilege-escalation","coder","application"],"_cs_type":"advisory","_cs_vendors":["Coder"],"content_html":"\u003cp\u003eA critical authorization bypass vulnerability, identified as CVE-2026-55429, has been discovered in Coder's workspace application versions prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17. The flaw resides in the \u003ccode\u003eUpsertWorkspaceApp\u003c/code\u003e and \u003ccode\u003einsertAgentApp\u003c/code\u003e functions, which fail to properly verify ownership of an app ID during the \u003ccode\u003eCompleteJob\u003c/code\u003e payload processing. This allows an attacker with pre-existing elevated access, specifically as a template author or external provisioner operator, to rebind a victim's workspace application to their own malicious agent. First disclosed by Anthropic's Security Team, this vulnerability enables attackers to intercept and proxy a victim's IDE and terminal sessions, leading to unauthorized access, data exposure, and potential compromise of development environments. Defenders must prioritize upgrading their Coder instances to the patched versions immediately to mitigate this severe risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker gains elevated access:\u003c/strong\u003e The attacker acquires \u0026quot;template authorship\u0026quot; or \u0026quot;external provisioner operator\u0026quot; privileges within the Coder environment, which is a prerequisite for exploitation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim app ID discovery:\u003c/strong\u003e The attacker uses the Coder public API to identify and obtain the unique UUID of a target victim's workspace application.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker creates malicious agent:\u003c/strong\u003e The attacker sets up their own workspace and agent, which will be used to intercept the victim's traffic.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCraft \u003ccode\u003eCompleteJob\u003c/code\u003e payload:\u003c/strong\u003e The attacker constructs a \u003ccode\u003eCompleteJob\u003c/code\u003e payload containing the victim's discovered app UUID and their own malicious agent ID.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSubmit payload:\u003c/strong\u003e The attacker submits the crafted \u003ccode\u003eCompleteJob\u003c/code\u003e payload to the Coder system, leveraging their elevated provisioner permissions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCross-workspace agent rebinding:\u003c/strong\u003e The \u003ccode\u003eUpsertWorkspaceApp\u003c/code\u003e function, vulnerable to the ID conflict, overwrites the \u003ccode\u003eagent_id\u003c/code\u003e associated with the victim's app UUID, reassigning it to the attacker's agent ID.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTraffic interception:\u003c/strong\u003e Subsequent network traffic, including IDE and terminal sessions initiated by the victim for their workspace application, is transparently proxied to the attacker's workspace and agent.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSession compromise:\u003c/strong\u003e The attacker can now monitor, control, and potentially exfiltrate data from the victim's development environment sessions, leading to unauthorized access and data compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-55429 allows an attacker with pre-existing elevated permissions to effectively hijack a victim's Coder workspace sessions. This means all activity within the victim's IDE and terminal, including sensitive data, code, credentials, and commands, can be monitored and manipulated by the attacker. This privilege escalation enables unauthorized access to intellectual property, potential insertion of malicious code, and broader compromise of development pipelines, affecting all users of vulnerable Coder instances across various sectors utilizing the platform for development environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching all Coder instances to versions v2.34.2, v2.33.8, v2.32.7, or v2.29.17 to remediate CVE-2026-55429.\u003c/li\u003e\n\u003cli\u003eRegularly review and limit permissions for \u0026quot;template author\u0026quot; and \u0026quot;external provisioner operator\u0026quot; roles to only essential personnel to reduce the attack surface for CVE-2026-55429.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T21:05:20Z","date_published":"2026-07-06T21:05:20Z","id":"https://feed.craftedsignal.io/briefs/2026-07-coder-workspace-rebind/","summary":"A critical authorization bypass vulnerability (CVE-2026-55429) exists in Coder's workspace application, allowing an attacker with template authorship or external provisioner access to rebind a victim's workspace app to their own agent, enabling them to proxy and compromise the victim's IDE and terminal sessions.","title":"Coder's Workspace App Vulnerability Allows Cross-Workspace Agent Rebinding","url":"https://feed.craftedsignal.io/briefs/2026-07-coder-workspace-rebind/"}],"language":"en","title":"CraftedSignal Threat Feed - Coder (Vulnerable: \u003e= 2.33.0, \u003c 2.33.8)","version":"https://jsonfeed.org/version/1.1"}