Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-55434
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-07 Jul, 2026 | 21:17
Updated At-08 Jul, 2026 | 19:47

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). Versions 2.33.8 and 2.34.2 patch the issue. No known workarounds are available.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

coder
coder
>>coder>>Versions from 2.33.0(inclusive) to 2.33.8(exclusive)
cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*
coder
coder
>>coder>>Versions from 2.34.0(inclusive) to 2.34.2(exclusive)
cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondarysecurity-advisories@github.com
CWE ID: CWE-770
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/coder/coder/pull/26164security-advisories@github.com
Issue Tracking
Patch
https://github.com/coder/coder/releases/tag/v2.33.8security-advisories@github.com
Release Notes
https://github.com/coder/coder/releases/tag/v2.34.2security-advisories@github.com
Release Notes
https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392gsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/coder/coder/pull/26164
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/coder/coder/releases/tag/v2.33.8
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/coder/coder/releases/tag/v2.34.2
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392g
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory
Change History
0Changes found

Details not found