Lucene search
K

7 matches found

NVD
NVD
added 14 hours ago2 views

CVE-2026-55436

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS
Exploits0References5
EUVD
EUVD
added 15 hours ago4 views

EUVD-2026-42149

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS6AI score
Exploits0References5
CVE
CVE
added 15 hours ago13 views

CVE-2026-55436

The CVE-2026-55436 issue affects Coder’s AI Bridge Proxy (aibridgeproxyd) in versions prior to 2.32.7, 2.33.8, and 2.34.2. The root cause is that the proxy’s default goproxy transport uses InsecureSkipVerify: true and only switches to a secure transport if an upstream proxy is configured; thus ou...

7.4CVSS6AI score
Exploits0References5
OSV
OSV
added yesterday4 views

GO-2026-5920 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration in github.com/coder/coder

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

GHSA-84RM-42XW-MX52 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2 days ago5 views

Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score
Exploits0References8
Rows per page
Query Builder