PT-2026-56072 · Coder · Coder

Garrett

·

Published

2026-07-06

·

Updated

2026-07-08

·

CVE-2026-55428

CVSS v3.1

8.2

High

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17
Description The tailnet coordinator fails to validate that an agent's AllowedIPs derive from its authenticated UUID, whereas it does perform this check for Addresses. Consequently, the coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers, which are then installed into the WireGuard peer configuration. A malicious authenticated user with a modified agent binary can advertise arbitrary AllowedIPs prefixes, including those of another agent. This allows the attacker to intercept web terminal and workspace app traffic and serve spoofed content by claiming a victim's prefix.
Recommendations Update to version 2.34.2 or later. Update to version 2.33.8 or later. Update to version 2.32.7 or later. Update to version 2.29.17 or later. Monitor coordinator logs for agents advertising unexpected AllowedIPs prefixes.

Fix

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55428
GHSA-WRQ8-FCV5-8HVP
GO-2026-5915

Affected Products

Coder