Coder < 2.29.7 / 2.30.x < 2.30.2 Workspace Auto-Creation Without Consent (CVE-2026-44454)
The version of Coder installed on the remote host is prior to 2.29.7 or 2.30.x prior to 2.30.2. It is, therefore, affected by a command injection vulnerability. The dotfiles registry module passed unsanitized user input to shell commands, enabling arbitrary code execution inside provisioned...