PT-2026-56072 · Coder · Coder
Garrett
·
Published
2026-07-06
·
Updated
2026-07-08
·
CVE-2026-55428
CVSS v3.1
8.2
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Coder versions prior to 2.34.2
Coder versions prior to 2.33.8
Coder versions prior to 2.32.7
Coder versions prior to 2.29.17
Description
The tailnet coordinator fails to validate that an agent's
AllowedIPs derive from its authenticated UUID, whereas it does perform this check for Addresses. Consequently, the coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers, which are then installed into the WireGuard peer configuration. A malicious authenticated user with a modified agent binary can advertise arbitrary AllowedIPs prefixes, including those of another agent. This allows the attacker to intercept web terminal and workspace app traffic and serve spoofed content by claiming a victim's prefix.Recommendations
Update to version 2.34.2 or later.
Update to version 2.33.8 or later.
Update to version 2.32.7 or later.
Update to version 2.29.17 or later.
Monitor coordinator logs for agents advertising unexpected
AllowedIPs prefixes.Fix
Improper Authorization
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Coder