Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-55434
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-07 Jul, 2026 | 20:14
Updated At-08 Jul, 2026 | 14:15
Rejected At-
▼CVE Numbering Authority (CNA)
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). Versions 2.33.8 and 2.34.2 patch the issue. No known workarounds are available.

Affected Products
Vendor
coder
Product
coder
Versions
Affected
  • >= 2.34.0, < 2.34.2
  • >= 2.33.0, < 2.33.8
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770: Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392g
x_refsource_CONFIRM
https://github.com/coder/coder/pull/26164
x_refsource_MISC
https://github.com/coder/coder/releases/tag/v2.33.8
x_refsource_MISC
https://github.com/coder/coder/releases/tag/v2.34.2
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392g
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/coder/coder/pull/26164
Resource:
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/releases/tag/v2.33.8
Resource:
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/releases/tag/v2.34.2
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found