Lucene search
K

10 matches found

CVE
CVE
added 8 hours ago12 views

CVE-2026-55436

The CVE-2026-55436 issue affects Coder’s AI Bridge Proxy (aibridgeproxyd) in versions prior to 2.32.7, 2.33.8, and 2.34.2. The root cause is that the proxy’s default goproxy transport uses InsecureSkipVerify: true and only switches to a secure transport if an upstream proxy is configured; thus ou...

7.4CVSS6AI score
Exploits0References5
OSV
OSV
added yesterday4 views

GO-2026-5920 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration in github.com/coder/coder

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

GHSA-84RM-42XW-MX52 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score
Exploits0References3
OSV
OSV
added 2 days ago4 views

GHSA-WQXV-W64V-5WH6 Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score
Exploits0References9
Github Security Blog
Github Security Blog
added 2 days ago5 views

Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score
Exploits0References9Affected Software1
OSV
OSV
added 2 days ago5 views

GHSA-F5VP-W269-392G Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2 days ago5 views

Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56079

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge proxy endpoints authenticate via the Server.IsAuthorized function in coderd/aibridgedserver. This process...

5.4CVSS5.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56078

Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...

6.5CVSS6AI score
Exploits0References6
Rows per page
Query Builder