{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/bitbucket/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Coder v2","azure-instance-identity","github.com","gitlab.com","Bitbucket Cloud"],"_cs_severities":["critical"],"_cs_tags":["pkcs7","azure","instance identity","signature bypass","unauthenticated access","credential theft","cve-2026-46354","coder"],"_cs_type":"advisory","_cs_vendors":["Coder","Microsoft","GitHub","GitLab","Bitbucket"],"content_html":"\u003cp\u003eCoder v2 is susceptible to a critical vulnerability where the \u003ccode\u003eazureidentity.Validate()\u003c/code\u003e function fails to properly validate the PKCS#7 signature when using Azure instance identity for authentication. This flaw allows an unauthenticated attacker to bypass security measures by embedding a legitimate Azure certificate alongside a forged \u003ccode\u003evmId\u003c/code\u003e within a PKCS#7 envelope. Successful exploitation allows retrieval of the victim workspace agent\u0026rsquo;s session token, granting unauthorized access to sensitive resources. The attacker only requires knowledge of the target VM\u0026rsquo;s \u003ccode\u003evmId\u003c/code\u003e (UUIDv4), which, while a limitation, could be obtained through prior access or reconnaissance. This vulnerability impacts all versions of Coder v2 prior to the patched versions released in May 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a target Coder workspace agent and obtains its \u003ccode\u003evmId\u003c/code\u003e UUIDv4.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious PKCS#7 envelope containing a legitimate Azure certificate and a forged \u003ccode\u003evmId\u003c/code\u003e targeting the identified workspace.\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e endpoint with the crafted PKCS#7 envelope. This endpoint is unauthenticated.\u003c/li\u003e\n\u003cli\u003eCoder\u0026rsquo;s \u003ccode\u003eazureidentity.Validate()\u003c/code\u003e function incorrectly validates only the signer certificate, failing to verify the PKCS#7 signature itself.\u003c/li\u003e\n\u003cli\u003eThe forged \u003ccode\u003evmId\u003c/code\u003e is accepted, and the attacker retrieves the workspace agent\u0026rsquo;s session token.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access the \u003ccode\u003eGET /workspaceagents/me/gitsshkey\u003c/code\u003e endpoint to retrieve the Git SSH private key.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access \u003ccode\u003eGET /workspaceagents/me/external-auth\u003c/code\u003e endpoint, exfiltrating OAuth access tokens for GitHub, GitLab, and Bitbucket.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token to access workspace secrets via the agent manifest, including environment variables, file paths, and API keys.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-46354) grants an attacker unauthorized access to sensitive resources within Coder workspaces. This can lead to complete compromise of the workspace, including the ability to push malicious code to repositories using the stolen Git SSH private key, impersonate the workspace owner, and access sensitive environment variables, file paths, and API keys. If an attacker gains access to source code repositories and developer secrets, they can cause significant data breaches, intellectual property theft, and supply chain attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Coder instances to the latest versions (\u0026gt;= v2.33.3, v2.32.2, v2.31.12, v2.30.8, v2.29.13, v2.24.5) to address CVE-2026-46354.\u003c/li\u003e\n\u003cli\u003eAs a temporary workaround, reconfigure Azure templates to use token authentication instead of \u003ccode\u003eazure-instance-identity\u003c/code\u003e, as described in the advisory. Specifically, modify the \u003ca href=\"https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#auth-1\"\u003e\u003ccode\u003ecoder_agent.auth\u003c/code\u003e\u003c/a\u003e value to \u003ccode\u003etoken\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect suspicious POST requests to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e endpoint with potentially crafted PKCS#7 envelopes.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for abnormal activity and unauthorized access attempts to the \u003ccode\u003e/api/v2/workspaceagents/azure-instance-identity\u003c/code\u003e, \u003ccode\u003e/workspaceagents/me/gitsshkey\u003c/code\u003e, and \u003ccode\u003e/workspaceagents/me/external-auth\u003c/code\u003e endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:05:00Z","date_published":"2026-05-19T20:05:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-coder-azure-bypass/","summary":"Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.","title":"Coder Azure Instance Identity PKCS#7 Signature Bypass Leads to Unauthenticated Agent Token Theft (CVE-2026-46354)","url":"https://feed.craftedsignal.io/briefs/2026-05-coder-azure-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Bitbucket","version":"https://jsonfeed.org/version/1.1"}