PatchSiren cyber security CVE debrief
CVE-2026-55432 coder CVE debrief
CVE-2026-55432 is a vulnerability in Coder, a tool for provisioning remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps. This could let a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`.
- Vendor
- coder
- Product
- Unknown
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Administrators and users of Coder versions prior to 2.29.7, 2.32.7, 2.33.8, and 2.34.2 should be aware of this vulnerability and take steps to mitigate it. This includes reviewing the configuration of their Coder instances, ensuring that the maximum port sharing level is properly set, and monitoring for potential exploitation.
Technical summary
The `CreateSubAgent` RPC in Coder did not properly validate app sharing levels, allowing potential escalation of privileges. The fix clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. This vulnerability requires the ability to register sub-agent apps in a workspace the attacker controls. Administrators should review the configuration of their Coder instances to ensure that the maximum port sharing level is properly set.
Defensive priority
Medium
Recommended defensive actions
- Update to Coder versions 2.29.7, 2.32.7, 2.33.8, or 2.34.2 or later
- Disable wildcard app hostnames (CODER_WILDCARD_ACCESS_URL) as a workaround
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
Evidence notes
The CVE record was published on 2026-07-08T01:16:27.620Z and has not been modified since then. The NVD entry is currently 5.4 MEDIUM. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record does not provide additional details on the exploitation of this vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T01:16:27.620Z and has not been modified since then.