CVE-2026-55428
HIGH(8.2)CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
- CVSS 8.2 — Hoch
- Weniger als 24 Stunden alt
Beschreibung
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates each `AllowedIPs` prefix against the authenticating agent's UUID just like `Addresses`. As a workaround, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes.
GitHub Advisories
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Referenzen
- https://github.com/coder/coder/pull/26144
- https://github.com/coder/coder/releases/tag/v2.29.17
- https://github.com/coder/coder/releases/tag/v2.32.7
- https://github.com/coder/coder/releases/tag/v2.33.8
- https://github.com/coder/coder/releases/tag/v2.34.2
- https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp