{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/developer-tools/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Coder (\u003e= 2.34.0, \u003c 2.34.2)","Coder (\u003e= 2.33.0, \u003c 2.33.8)","Coder (\u003e= 2.30.0, \u003c 2.32.7)","Coder (\u003c 2.29.17)"],"_cs_severities":["high"],"_cs_tags":["ssh","configuration-injection","rce","supply-chain","developer-tools","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Coder"],"content_html":"\u003cp\u003eThe \u003ccode\u003ecoder config-ssh\u003c/code\u003e utility from Coder is vulnerable to a critical configuration injection issue, tracked as CVE-2026-55427. This vulnerability allows a malicious or compromised Coder server to inject arbitrary SSH configuration directives, such as \u003ccode\u003eProxyCommand\u003c/code\u003e, into a developer's \u003ccode\u003e~/.ssh/config\u003c/code\u003e file. This occurs because \u003ccode\u003ecoder config-ssh\u003c/code\u003e unsafely writes server-supplied values like \u003ccode\u003eHostnameSuffix\u003c/code\u003e and \u003ccode\u003eSSHConfigOptions\u003c/code\u003e without proper sanitization of newlines or restriction of directives. If a developer runs \u003ccode\u003ecoder config-ssh\u003c/code\u003e while connected to such a server, it can lead to arbitrary code execution on their workstation with local user privileges. The vulnerability affects Coder versions prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17. The issue, independently disclosed by Anthropic's Security Team (ANT-2026-22437), highlights a potential supply chain risk through developer tooling.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Server Compromise\u003c/strong\u003e: An attacker gains control over a Coder server deployment or compromises its administrative interface, or a Coder server administrator acts maliciously.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConfiguration Injection\u003c/strong\u003e: The attacker modifies the Coder server's \u003ccode\u003eHostnameSuffix\u003c/code\u003e or \u003ccode\u003eSSHConfigOptions\u003c/code\u003e settings to include malicious SSH directives (e.g., \u003ccode\u003eProxyCommand\u003c/code\u003e followed by a shell command) that exploit the lack of input sanitization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eClient-Side Configuration Request\u003c/strong\u003e: A developer executes \u003ccode\u003ecoder config-ssh\u003c/code\u003e on their workstation (typically Linux or macOS) to configure SSH access to Coder workspaces.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Configuration Download\u003c/strong\u003e: The \u003ccode\u003ecoder config-ssh\u003c/code\u003e utility fetches the unsanitized configuration values from the compromised Coder server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLocal SSH Config Modification\u003c/strong\u003e: \u003ccode\u003ecoder config-ssh\u003c/code\u003e writes the received malicious \u003ccode\u003eHostnameSuffix\u003c/code\u003e and \u003ccode\u003eSSHConfigOptions\u003c/code\u003e directly into the developer's \u003ccode\u003e~/.ssh/config\u003c/code\u003e file, injecting the attacker-controlled SSH directives.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTriggering Execution\u003c/strong\u003e: The developer subsequently initiates an SSH connection to any host that leverages the newly modified \u003ccode\u003e~/.ssh/config\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eArbitrary Code Execution\u003c/strong\u003e: The injected \u003ccode\u003eProxyCommand\u003c/code\u003e (or similar directive) within \u003ccode\u003e~/.ssh/config\u003c/code\u003e triggers the execution of the attacker's arbitrary code on the developer's workstation, operating with the privileges of the local user.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-55427 grants attackers arbitrary code execution capabilities on developer workstations. The injected commands run with the privileges of the local user, allowing for a wide range of malicious activities including data exfiltration, installation of malware, establishment of persistence, or further lateral movement within the developer's environment. Crucially, the malicious configuration applies to all SSH connections originating from the workstation, not just those related to Coder workspaces, broadening the scope of impact significantly. While no specific victim count is available, the vulnerability poses a substantial supply chain risk to organizations leveraging the Coder platform, as compromising a single Coder server could lead to compromise of numerous developer endpoints.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-55427 on all affected Coder server deployments to versions v2.34.2, v2.33.8, v2.32.7, or v2.29.17 immediately.\u003c/li\u003e\n\u003cli\u003eEducate developers to review the output of \u003ccode\u003ecoder config-ssh --dry-run\u003c/code\u003e before applying configuration changes to visually identify unexpected SSH directives.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring on \u003ccode\u003e~/.ssh/config\u003c/code\u003e files on developer workstations to detect unauthorized or suspicious modifications (e.g., via \u003ccode\u003efile_event\u003c/code\u003e logging).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T20:55:41Z","date_published":"2026-07-06T20:55:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-coder-ssh-config-injection/","summary":"A malicious or compromised Coder server can exploit CVE-2026-55427 to inject unsanitized SSH configuration values via `coder config-ssh` into developer workstations, enabling arbitrary code execution on client machines.","title":"Coder SSH Config Injection Vulnerability (CVE-2026-55427)","url":"https://feed.craftedsignal.io/briefs/2026-07-coder-ssh-config-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-33646"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["mise (\u003c 2026.3.10)"],"_cs_severities":["critical"],"_cs_tags":["mise","rce","supply-chain","trust-bypass","code-execution","developer-tools","cve"],"_cs_type":"advisory","_cs_vendors":["mise"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-33646, affects Mise, a popular multi-tool version manager. This flaw allows for arbitrary code execution on user systems when processing \u003ccode\u003e.tool-versions\u003c/code\u003e files. Unlike \u003ccode\u003e.mise.toml\u003c/code\u003e files, \u003ccode\u003e.tool-versions\u003c/code\u003e are not subject to a trust verification mechanism in non-paranoid mode (which is the default). This means an attacker can embed malicious Tera template syntax, specifically using the \u003ccode\u003eexec()\u003c/code\u003e function, into a \u003ccode\u003e.tool-versions\u003c/code\u003e file within a Git repository. When a victim, with \u003ccode\u003emise\u003c/code\u003e activated, changes directory (\u003ccode\u003ecd\u003c/code\u003e) into such a repository, the malicious commands execute silently and automatically, leveraging the full privileges and environment variables of the current user. The vulnerability affects Mise versions prior to 2026.3.10 and poses a significant supply chain risk to developers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious \u003ccode\u003e.tool-versions\u003c/code\u003e file containing \u003ccode\u003eTera\u003c/code\u003e template syntax with an \u003ccode\u003eexec()\u003c/code\u003e function call (e.g., \u003ccode\u003e{{ exec(command=\u0026quot;malicious_command\u0026quot;) }}\u003c/code\u003e) and embeds it in a Git repository.\u003c/li\u003e\n\u003cli\u003eThe victim, who has \u003ccode\u003emise\u003c/code\u003e activated in their shell (e.g., \u003ccode\u003eeval \u0026quot;$(mise activate zsh)\u0026quot;\u003c/code\u003e), clones or downloads this malicious Git repository.\u003c/li\u003e\n\u003cli\u003eThe victim navigates into the cloned repository's directory using a command like \u003ccode\u003ecd\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMise's shell hook (\u003ccode\u003ehook-env\u003c/code\u003e) automatically triggers, initiating the parsing of configuration files, including the malicious \u003ccode\u003e.tool-versions\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eDuring parsing, the \u003ccode\u003eToolVersions::parse_str\u003c/code\u003e function processes the \u003ccode\u003e.tool-versions\u003c/code\u003e file content through the \u003ccode\u003eTera\u003c/code\u003e template engine without performing a trust check.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eTera\u003c/code\u003e engine evaluates the embedded \u003ccode\u003eexec()\u003c/code\u003e function, which in turn spawns a shell process to execute the attacker-defined arbitrary command (e.g., \u003ccode\u003ecurl\u003c/code\u003e for exfiltration or \u003ccode\u003eid\u003c/code\u003e for reconnaissance).\u003c/li\u003e\n\u003cli\u003eThe malicious command executes silently as the victim's current user with their full environment, without any warning or user interaction.\u003c/li\u003e\n\u003cli\u003eThis allows the attacker to achieve arbitrary code execution, potentially leading to data exfiltration, further compromise, or system modification, as demonstrated by the PoC's \u003ccode\u003ecurl\u003c/code\u003e or \u003ccode\u003eid\u003c/code\u003e commands.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-33646 leads to arbitrary code execution on the victim's machine. This presents a critical supply chain attack vector, as \u003ccode\u003e.tool-versions\u003c/code\u003e files are commonly committed to repositories and are expected to be benign. Execution occurs silently without any user prompt or warning, running with the full privileges and environment of the current user. This allows attackers to perform actions such as credential theft by exfiltrating environment variables (which may contain tokens, API keys, or SSH agent information) or establishing further persistence. The widespread use of \u003ccode\u003emise\u003c/code\u003e in development environments means a broad range of open-source projects and developer machines are potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-33646 by updating \u003ccode\u003emise\u003c/code\u003e to version 2026.3.10 or newer immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect suspicious \u003ccode\u003ecurl\u003c/code\u003e commands used for data exfiltration, often indicative of arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eEnable \u003ccode\u003eprocess_creation\u003c/code\u003e logging for shell processes (\u003ccode\u003ebash\u003c/code\u003e, \u003ccode\u003ezsh\u003c/code\u003e, \u003ccode\u003epowershell\u003c/code\u003e, \u003ccode\u003ecmd.exe\u003c/code\u003e) to capture commands executed in user environments, especially in newly cloned or untrusted repositories.\u003c/li\u003e\n\u003cli\u003eReview and implement the recommended trust checks for \u003ccode\u003e.tool-versions\u003c/code\u003e files if patching is not immediately feasible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T11:07:52Z","date_published":"2026-07-03T11:07:52Z","id":"https://feed.craftedsignal.io/briefs/2026-07-mise-rce-tool-versions/","summary":"A critical vulnerability (CVE-2026-33646) in Mise allows for arbitrary code execution on victim machines via malicious `.tool-versions` files containing Tera template syntax, which are processed without trust verification, enabling silent supply chain attacks upon directory entry.","title":"Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)","url":"https://feed.craftedsignal.io/briefs/2026-07-mise-rce-tool-versions/"}],"language":"en","title":"CraftedSignal Threat Feed - Developer-Tools","version":"https://jsonfeed.org/version/1.1"}