{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/gitlab.com/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Coder v2","azure-instance-identity","github.com","gitlab.com","Bitbucket Cloud"],"_cs_severities":["critical"],"_cs_tags":["pkcs7","azure","instance identity","signature bypass","unauthenticated access","credential theft","cve-2026-46354","coder"],"_cs_type":"advisory","_cs_vendors":["Coder","Microsoft","GitHub","GitLab","Bitbucket"],"content_html":"\u003cp\u003eCoder v2 is susceptible to a critical vulnerability where the \u003ccode\u003eazureidentity.Validate()\u003c/code\u003e function fails to properly validate the PKCS#7 signature when using Azure instance identity for authentication. This flaw allows an unauthenticated attacker to bypass security measures by embedding a legitimate Azure certificate alongside a forged \u003ccode\u003evmId\u003c/code\u003e within a PKCS#7 envelope. Successful exploitation allows retrieval of the victim workspace agent\u0026rsquo;s session token, granting unauthorized access to sensitive resources. The attacker only requires knowledge of the target VM\u0026rsquo;s \u003ccode\u003evmId\u003c/code\u003e (UUIDv4), which, while a limitation, could be obtained through prior access or reconnaissance. This vulnerability impacts all versions of Coder v2 prior to the patched versions released in May 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a target Coder workspace agent and obtains its \u003ccode\u003evmId\u003c/code\u003e UUIDv4.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious PKCS#7 envelope containing a legitimate Azure certificate and a forged \u003ccode\u003evmId\u003c/code\u003e targeting the identified workspace.\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e endpoint with the crafted PKCS#7 envelope. This endpoint is unauthenticated.\u003c/li\u003e\n\u003cli\u003eCoder\u0026rsquo;s \u003ccode\u003eazureidentity.Validate()\u003c/code\u003e function incorrectly validates only the signer certificate, failing to verify the PKCS#7 signature itself.\u003c/li\u003e\n\u003cli\u003eThe forged \u003ccode\u003evmId\u003c/code\u003e is accepted, and the attacker retrieves the workspace agent\u0026rsquo;s session token.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access the \u003ccode\u003eGET /workspaceagents/me/gitsshkey\u003c/code\u003e endpoint to retrieve the Git SSH private key.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access \u003ccode\u003eGET /workspaceagents/me/external-auth\u003c/code\u003e endpoint, exfiltrating OAuth access tokens for GitHub, GitLab, and Bitbucket.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access workspace secrets via the agent manifest, including environment variables, file paths, and API keys.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-46354) grants an attacker unauthorized access to sensitive resources within Coder workspaces. This can lead to complete compromise of the workspace, including the ability to push malicious code to repositories using the stolen Git SSH private key, impersonate the workspace owner, and access sensitive environment variables, file paths, and API keys. If an attacker gains access to source code repositories and developer secrets, they can cause significant data breaches, intellectual property theft, and supply chain attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Coder instances to the latest versions (\u0026gt;= v2.33.3, v2.32.2, v2.31.12, v2.30.8, v2.29.13, v2.24.5) to address CVE-2026-46354.\u003c/li\u003e\n\u003cli\u003eAs a temporary workaround, reconfigure Azure templates to use token authentication instead of \u003ccode\u003eazure-instance-identity\u003c/code\u003e, as described in the advisory. Specifically, modify the \u003ca href=\"https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#auth-1\"\u003e\u003ccode\u003ecoder_agent.auth\u003c/code\u003e\u003c/a\u003e value to \u003ccode\u003etoken\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect suspicious POST requests to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e endpoint with potentially crafted PKCS#7 envelopes.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for abnormal activity and unauthorized access attempts to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e, \u003ccode\u003e/workspaceagents/me/gitsshkey\u003c/code\u003e, and \u003ccode\u003e/workspaceagents/me/external-auth\u003c/code\u003e endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:05:00Z","date_published":"2026-05-19T20:05:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-coder-azure-bypass/","summary":"Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.","title":"Coder Azure Instance Identity PKCS#7 Signature Bypass Leads to Unauthenticated Agent Token Theft (CVE-2026-46354)","url":"https://feed.craftedsignal.io/briefs/2026-05-coder-azure-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["arcane backend (\u003c= 1.18.1)","github.com","gitlab.com"],"_cs_severities":["critical"],"_cs_tags":["credential-access","privilege-escalation","supply-chain-compromise","denial-of-service","information-disclosure","cloud","authentication-bypass"],"_cs_type":"advisory","_cs_vendors":["GitHub","GitLab"],"content_html":"\u003cp\u003eArcane\u0026rsquo;s huma-based REST API exposes nine endpoints under \u003ccode\u003e/api/customize/git-repositories\u003c/code\u003e and \u003ccode\u003e/api/git-repositories/sync\u003c/code\u003e for managing GitOps source repositories and their stored credentials. Eight of those endpoints never call the \u003ccode\u003echeckAdmin(ctx)\u003c/code\u003e helper used by other admin-managed resources, and the authentication middleware enforces only authentication, not the \u003ccode\u003eadmin\u003c/code\u003e role. As a result, any logged-in user with the default \u003ccode\u003euser\u003c/code\u003e role can list, create, modify, delete, and test git repository configurations. By repointing an existing repository\u0026rsquo;s URL to an attacker-controlled host while omitting the \u003ccode\u003etoken\u003c/code\u003e/\u003ccode\u003esshKey\u003c/code\u003e fields, the attacker causes Arcane to decrypt the legitimate PAT/SSH key on its next \u003ccode\u003e/test\u003c/code\u003e, \u003ccode\u003e/branches\u003c/code\u003e, or \u003ccode\u003e/files\u003c/code\u003e call and present it as HTTP Basic auth (or SSH key auth) to the attacker\u0026rsquo;s host, exfiltrating plaintext Git credentials. This affects Arcane versions 1.18.1 and earlier.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Arcane backend using a normal \u003ccode\u003euser\u003c/code\u003e account, either through registration or a pre-existing account.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003e/api/customize/git-repositories\u003c/code\u003e to enumerate all configured Git repositories, obtaining their IDs, URLs, and authentication types.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ePUT\u003c/code\u003e request to \u003ccode\u003e/api/customize/git-repositories/{id}\u003c/code\u003e with a JSON payload containing the key \u003ccode\u003eurl\u003c/code\u003e set to an attacker-controlled domain (e.g., \u003ccode\u003ehttps://attacker.tld/repo.git\u003c/code\u003e). The \u003ccode\u003etoken\u003c/code\u003e or \u003ccode\u003esshKey\u003c/code\u003e fields are intentionally omitted to preserve the existing encrypted credentials.\u003c/li\u003e\n\u003cli\u003eThe Arcane backend updates the repository configuration, changing the repository URL while retaining the encrypted credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/customize/git-repositories/{id}/test\u003c/code\u003e to trigger a connection test, or alternatively triggers a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003e.../branches\u003c/code\u003e or \u003ccode\u003e.../files\u003c/code\u003e to list branches or browse files.\u003c/li\u003e\n\u003cli\u003eArcane decrypts the stored token or SSH key and attempts to authenticate to the attacker-controlled URL using HTTP Basic authentication or SSH key authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server receives the decrypted credentials, which are exposed in cleartext.\u003c/li\u003e\n\u003cli\u003eOptionally, the attacker cleans up by sending another \u003ccode\u003ePUT\u003c/code\u003e request to restore the original URL or \u003ccode\u003eDELETE\u003c/code\u003e requests to all repos for DoS.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability leads to cleartext exfiltration of stored Git credentials (PATs and SSH keys) configured by administrators for GitOps repositories. Stolen credentials grant write access to source repos, CI secrets, container registries, and production systems. Non-admin users can create, modify, and delete Git repository configurations, potentially injecting malicious code into deployments. An attacker can also trigger a denial of service by deleting repository configurations. Information disclosure of private repo contents is possible by listing files via the API. The default Arcane installations create new accounts with role \u003ccode\u003euser\u003c/code\u003e, making the attack easily exploitable. This has a critical impact on supply chain integrity and overall system security.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply authorization checks on the \u003ccode\u003e/api/customize/git-repositories\u003c/code\u003e and \u003ccode\u003e/api/git-repositories/sync\u003c/code\u003e endpoints, ensuring that only admin users can manage Git repository configurations.\u003c/li\u003e\n\u003cli\u003eImplement stricter validation and sanitization of input data, particularly the repository URL, to prevent redirection to malicious hosts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Arcane Git Repository URL Manipulation\u0026rdquo; to identify attempts to modify Git repository URLs to attacker-controlled domains.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Arcane Git Repository Test Connection to External Domain\u0026rdquo; to detect attempts to test connections to external domains after a URL manipulation.\u003c/li\u003e\n\u003cli\u003eUpgrade Arcane backend to a patched version beyond 1.18.1 that addresses CVE-2026-45625.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T13:45:14Z","date_published":"2026-05-18T13:45:14Z","id":"https://feed.craftedsignal.io/briefs/2026-05-arcane-git-repo-auth-bypass/","summary":"Arcane's REST API lacks proper admin authorization checks on Git repository management endpoints, allowing any authenticated user to exfiltrate stored Git credentials and tamper with GitOps configurations by redirecting credential requests to an attacker-controlled host.","title":"Arcane Git Repository Authentication Bypass Leads to Credential Exfiltration and GitOps Tampering (CVE-2026-45625)","url":"https://feed.craftedsignal.io/briefs/2026-05-arcane-git-repo-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Gitlab.com","version":"https://jsonfeed.org/version/1.1"}