CVE-2026-55432
Coder's GO/enterprise deployment vulnerability: the CreateSubAgent RPC did not validate a requested app sharing level against the template MaxPortSharingLevel before persisting workspace apps. This allowed a workspace owner (with an agent token) to exceed the administrator’s maximum, potentially ...