2 matches found
CVE-2026-55434
The CVE affects Coder’s AI Bridge provider endpoints (v2.33.x and v2.34.x) where handlers read request bodies with io.ReadAll without a max size. An authenticated user could send oversized bodies, causing memory exhaustion and a denial of service that crashes the control plane. Patches are availa...
CVE-2026-55435
CVE-2026-55435 affects Coder’s AI Bridge proxy endpoints. The vulnerability stems from Server.IsAuthorized not checking whether a suspended account is active, so an unexpired API key issued to a suspended user remains usable until the key is deleted. Impact is limited to already-issued keys; no n...