PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55436 coder CVE debrief

CVE-2026-55436 is a high-severity vulnerability in Coder's AI Bridge Proxy. The vulnerability allows for a TLS certificate validation bypass, enabling an attacker to intercept and modify traffic between the AI Bridge Proxy and the Coder server. This issue was introduced in version 2.30.0 and fixed in versions 2.32.7, 2.33.8, and 2.34.2. The vulnerability has a CVSS score of 7.4 and is considered HIGH severity. The AI Bridge Proxy created a goproxy server with a default transport setting of InsecureSkipVerify: true, allowing any TLS certificate for outbound HTTPS connections to the Coder access URL.

Vendor
coder
Product
Unknown
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-08
Advisory published
2026-07-08
Advisory updated
2026-07-08

Who should care

Organizations using Coder versions 2.30.0 through 2.32.6, 2.33.0 through 2.33.7, and 2.34.0 through 2.34.1 should apply the patches or workarounds to prevent exploitation. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security of Coder deployments.

Technical summary

The AI Bridge Proxy (aibridgeproxyd) created a goproxy server with a default transport setting of InsecureSkipVerify: true, allowing any TLS certificate for outbound HTTPS connections to the Coder access URL. This insecure setting was only overridden when an upstream proxy was configured. An attacker in a man-in-the-middle position could exploit this vulnerability to intercept and modify traffic. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally.

Defensive priority

High

Recommended defensive actions

  • Apply patches in versions 2.32.7, 2.33.8, or 2.34.2
  • Ensure the Coder access URL uses a trusted certificate
  • Secure the network path between the AI Bridge Proxy and the Coder server
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-08T01:16:27.890Z and has not been modified since then. The NVD entry is currently 7.4 HIGH. There is limited information available about the vulnerability beyond the official CVE and NVD records. Defenders should verify the affected versions of Coder and review the official advisories for further details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T01:16:27.890Z and has not been modified since then.