CVE-2026-46354
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.1 / 10
Vulnerability Description
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
go
Product
github.com/coder/coder/v2
External References
- https://github.com/coder/coder/security/advisories/GHSA-6x44-w3xg-hqqf
- https://github.com/coder/coder/pull/25286
- https://github.com/coder/coder/releases/tag/v2.24.5
- https://github.com/coder/coder/releases/tag/v2.29.13
- https://github.com/coder/coder/releases/tag/v2.30.8
- https://github.com/coder/coder/releases/tag/v2.31.12
- https://github.com/coder/coder/releases/tag/v2.32.2
- https://github.com/coder/coder/releases/tag/v2.33.3
- https://github.com/advisories/GHSA-6x44-w3xg-hqqf
Discussion (0)
Add Comment
No comments yet. Be the first!