202 matches found
Coder < 2.29.17 / 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 Multiple Vulnerabilities
The version of Coder installed on the remote host is prior to 2.29.17, 2.32.7, 2.33.8, or 2.34.2. It is, therefore, affected by multiple vulnerabilities: - A user-admin role can reset the owner account password, resulting in privilege escalation from user-admin to owner. CVE-2026-55077 - A...
Improper Authorization
github.com/coder/coder is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation in the UpsertWorkspaceApp and insertAgentApp functions, which fail to verify that a supplied application ID belongs to the workspace being built before performing a cross-workspace...
CVE-2026-55429
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
EUVD-2026-42135
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
CVE-2026-55429
Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...
CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...
GHSA-9RJW-3GWP-F59V Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...
PT-2026-56073
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...
EUVD-2026-41421
RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...
CVE-2026-58653 PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update
PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
CVE-2026-58653
CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...
PYSEC-2026-482 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
Summary The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...
CVE-2026-54351 Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...
CVE-2026-54351
Budibase (open-source low-code platform) is affected by CVE-2026-54351 prior to version 3.39.9. A mass assignment vulnerability in externalTrigger() allows an attacker to overwrite the internal appId by including it in the webhook POST body, causing the async automation worker to run in the victi...
CVE-2026-55583
Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...
CVE-2026-55583 Twenty: Cross-workspace IDOR in AgentTurnResolver
Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...
CVE-2026-55583
Twenty, before version 2.9.0, is affected by a cross-workspace insecure direct object reference in the AI agent monitor’s Resolver (agent-turn.resolver.ts). The query paths agentTurns(agentId) and evaluateAgentTurn(turnId) retrieved rows by agentId or id without restricting workspaceId, and guard...