Lucene search
K

Coder < 2.29.17 / 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 Multiple Vulnerabilities

🗓️ 10 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Coder prior to releases has privilege escalation, cross workspace binding, and ssh configuration injection.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-55076
7 Jul 202622:23
attackerkb
ATTACKERKB
CVE-2026-55075
7 Jul 202621:33
attackerkb
ATTACKERKB
CVE-2026-55431
8 Jul 202600:10
attackerkb
ATTACKERKB
CVE-2026-55077
7 Jul 202622:44
attackerkb
Circl
CVE-2026-55075
8 Jul 202617:07
circl
Circl
CVE-2026-55076
8 Jul 202601:14
circl
Circl
CVE-2026-55077
8 Jul 202600:59
circl
Circl
CVE-2026-55427
8 Jul 202603:26
circl
Circl
CVE-2026-55428
8 Jul 202603:31
circl
Circl
CVE-2026-55429
8 Jul 202603:36
circl
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(326280);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/10");

  script_cve_id(
    "CVE-2026-55075",
    "CVE-2026-55076",
    "CVE-2026-55077",
    "CVE-2026-55427",
    "CVE-2026-55428",
    "CVE-2026-55429",
    "CVE-2026-55431"
  );
  script_xref(name:"IAVB", value:"2026-B-0188");

  script_name(english:"Coder < 2.29.17 / 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Coder installed on the remote host is prior to 2.29.17, 2.32.7, 2.33.8, or 2.34.2. It is,
therefore, affected by multiple vulnerabilities:

  - A user-admin role can reset the owner account password, resulting in privilege escalation from
    user-admin to owner. (CVE-2026-55077)

  - A workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID,
    enabling traffic interception. (CVE-2026-55429)

  - The coder config-ssh command wrote server-supplied SSH settings into the user's SSH config without
    sanitizing embedded newlines, allowing arbitrary SSH configuration injection. (CVE-2026-55427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://github.com/coder/coder/security/advisories/GHSA-9r87-mvcw-x35f
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-9r87-mvcw-x35f");
  # https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp");
  # https://github.com/coder/coder/security/advisories/GHSA-29xf-69gq-m9jx
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-29xf-69gq-m9jx");
  # https://github.com/coder/coder/security/advisories/GHSA-mcqq-fqgf-rxwm
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-mcqq-fqgf-rxwm");
  # https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp");
  # https://github.com/coder/coder/security/advisories/GHSA-9rjw-3gwp-f59v
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-9rjw-3gwp-f59v");
  # https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g
  script_set_attribute(attribute:"see_also", value:"https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g");
  script_set_attribute(attribute:"solution", value:
"Update Coder to version 2.29.17, 2.32.7, 2.33.8, or 2.34.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-55429");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:coder:coder");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("coder_win_installed.nbin");
  script_require_keys("installed_sw/Coder");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Coder', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2.29.17'},
        {'min_version': '2.30.0', 'fixed_version': '2.32.7'},
        {'min_version': '2.33.0', 'fixed_version': '2.33.8'},
        {'min_version': '2.34.0', 'fixed_version': '2.34.2'}
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Jul 2026 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.16.1 - 8.7
EPSS0.00615
SSVC
2