SecBoard
Zurück zur CVE-Übersicht

CVE-2026-55428

HIGH(8.2)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Risk Signal Score31/100 — MITTEL
  • CVSS 8.2 — Hoch
  • Weniger als 24 Stunden alt

Beschreibung

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates each `AllowedIPs` prefix against the authenticating agent's UUID just like `Addresses`. As a workaround, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes.

GitHub Advisories

GHSA-wrq8-fcv5-8hvpHIGH

Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

go/github.com/coder/coder/v22.34.2
GitHub Advisory

Referenzen