3 matches found
CVE-2026-55428
CVE-2026-55428 (Coder) describes a route hijack risk in the tailnet coordinator where an agent’s AllowedIPs are not validated against the agent’s authenticated UUID, unlike the Addresses check. The coordinator forwards adversarially supplied AllowedIPs to WireGuard peers, potentially enabling an ...
CVE-2026-55428 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...
wireguard: allowedips: avoid unaligned 64-bit memory accesses
...