PatchSiren cyber security CVE debrief
CVE-2026-55436 coder CVE debrief
CVE-2026-55436 is a high-severity vulnerability in Coder's AI Bridge Proxy. The vulnerability allows for a TLS certificate validation bypass, enabling an attacker to intercept and modify traffic between the AI Bridge Proxy and the Coder server. This issue was introduced in version 2.30.0 and fixed in versions 2.32.7, 2.33.8, and 2.34.2. The vulnerability has a CVSS score of 7.4 and is considered HIGH severity. The AI Bridge Proxy created a goproxy server with a default transport setting of InsecureSkipVerify: true, allowing any TLS certificate for outbound HTTPS connections to the Coder access URL.
- Vendor
- coder
- Product
- Unknown
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Organizations using Coder versions 2.30.0 through 2.32.6, 2.33.0 through 2.33.7, and 2.34.0 through 2.34.1 should apply the patches or workarounds to prevent exploitation. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security of Coder deployments.
Technical summary
The AI Bridge Proxy (aibridgeproxyd) created a goproxy server with a default transport setting of InsecureSkipVerify: true, allowing any TLS certificate for outbound HTTPS connections to the Coder access URL. This insecure setting was only overridden when an upstream proxy was configured. An attacker in a man-in-the-middle position could exploit this vulnerability to intercept and modify traffic. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally.
Defensive priority
High
Recommended defensive actions
- Apply patches in versions 2.32.7, 2.33.8, or 2.34.2
- Ensure the Coder access URL uses a trusted certificate
- Secure the network path between the AI Bridge Proxy and the Coder server
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-08T01:16:27.890Z and has not been modified since then. The NVD entry is currently 7.4 HIGH. There is limited information available about the vulnerability beyond the official CVE and NVD records. Defenders should verify the affected versions of Coder and review the official advisories for further details.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T01:16:27.890Z and has not been modified since then.