PT-2026-56075 · Coder · Coder

Published

2026-07-06

·

Updated

2026-07-08

·

CVE-2026-55431

CVSS v3.1

7.7

High

VectorAV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2
Description The coder open app command opens external workspace-app URLs without validating the scheme or host. If an external app URL contains the $SESSION TOKEN placeholder, the CLI replaces it with the user's actual session token before passing the URL to the operating system's open handler. A malicious template author can define an arbitrary URL to capture the session token, enabling full account impersonation, or invoke arbitrary local URI scheme handlers. Exploitation occurs when a user runs coder open app against a workspace controlled by an attacker.
Recommendations Update to version 2.29.17 or later. Update to version 2.32.7 or later. Update to version 2.33.8 or later. Update to version 2.34.2 or later. As a temporary workaround, avoid running coder open app for untrusted workspaces.

Fix

Open Redirect

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55431
GHSA-V54H-CP2W-9X4G
GO-2026-5924

Affected Products

Coder