github.com/coder/coder/v2

CVE-2026-45796

CVE-2026-45796 is a medium-severity server-side request forgery (SSRF) vulnerability in github.com/coder/coder/v2 (go), affecting versions >= 2.33.0-rc.0, < 2.33.3. It is fixed in 2.33.3, 2.32.2, 2.31.12, 2.30.8, 2.29.13, 2.24.5.

Key facts
CVSS score
6.5
Medium
Attack vector
Network
Issuing authority
GitHub Advisory Database
Affected package
github.com/coder/coder/v2
Fixed in
2.33.3, 2.32.2, 2.31.12, 2.30.8, 2.29.13, 2.24.5
Disclosed
2026

Summary

Summary Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint (POST /api/v2/workspaceagents/azure-instance-identity). An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a crafted PKCS#7 signature. The server does not return the target's response body, but error messages in the API response reveal whether the target is reachable and what type of failure occurred. Details The POST /api/v2/workspaceagents/azure-instance-identity endpoint accepts a PKCS#7 signature without authentication. During certificate chain verification, azureidentity.Validate() iterates over the signer certificate's IssuingCertificateURL extension and fetches each URL using http.DefaultClient with no host restriction, no private-IP blocking, and no response-size limit. An attacker crafts a self-signed certificate whose Common Name matches *.metadata.azure.com (passing the allowedSigners regex) and whose IssuingCertificateURL points to an attacker-chosen target. The server fetches that URL and feeds the response body into x509.ParseCertificate. The parsed result is discarded, but the wrapped error string is returned verbatim in the JSON response via Detail: err.Error(). Connection-level errors ("connection refused", "i/o timeout", DNS failures) and certificate-parse errors give the attacker enough signal to infer host reachability and port state without seeing the actual response content. Root causes: No allowlist on IssuingCertificateURL hosts. Any URL was accepted. http.DefaultClient was used. It follows redirects and connects to private, link-local, and loopback addresses. Unbounded io.ReadAll on the response body (memory exhaustion vector). Raw err.Error() was returned in the JSON response, leaking internal HTTP client errors to the caller. Impact This is a semi-blind SSRF: the server makes the outbound request but the HTTP response body is consumed by x509.ParseCertificate and never returned to the attacker. Internal network reconnaissance. The attacker can map internal hosts and ports by observing error differentiation in the API response: "connection refused" (port closed), "i/o timeout" (host unreachable or firewalled), DNS failure (host does not exist), or certificate-parse error (port open and responding). This enables systematic scanning of the internal network from the Coder server's vantage point. Requests to sensitive endpoints. The server can be directed to hit cloud metadata services (e.g. http://169.254.169.254/), internal admin interfaces, or other services. The attacker cannot read the response content, but the request itself may have side effects depending on the target. Error-based information disclosure. Wrapped Go HTTP client errors in the Detail field expose internal hostnames, IP addresses, port numbers, and network topology details. Memory exhaustion. The unbounded io.ReadAll on the response body allows an attacker to point IssuingCertificateURL at a large resource, forcing the server to buffer it entirely in memory. Patches Fixed in #25274 (commit 57b11d405): The fix was backported to all supported release lines: | Release line | Patched version | |---|---| | 2.33 | v2.33.3 | | 2.32 | v2.32.2 | | 2.31 | v2.31.12 | | 2.30 | v2.30.8 | | 2.29 | v2.29.13 | | 2.24 (ESR) | v2.24.5 | Workarounds If the Azure identity-auth mechanism is not being used then restrict access to the corresponding endpoint (/api/v2/workspaceagents/azure-instance-identity) using ingress firewall and/or proxy ACLs. Recognition We'd like to thank Ben Tran of calif.io and Anthropic's Security Team (ANT-2026-22447) for independently disclosing this issue!

Impact

What is server-side request forgery (SSRF)?

Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside. Typical impact: access to internal metadata services, internal APIs, or cloud credentials.

Severity and exposure

CVE-2026-45796 has a CVSS score of 6.5 (Medium). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.

A fixed version is available (2.33.3, 2.32.2, 2.31.12, 2.30.8, 2.29.13, 2.24.5). Upgrading removes the vulnerable code path.

Affected versions

go

  • github.com/coder/coder/v2 (>= 2.33.0-rc.0, < 2.33.3)
  • github.com/coder/coder/v2 (>= 2.32.0-rc.0, < 2.32.2)
  • github.com/coder/coder/v2 (>= 2.31.0, < 2.31.12)
  • github.com/coder/coder/v2 (>= 2.30.0, < 2.30.8)
  • github.com/coder/coder/v2 (>= 2.29.0, < 2.29.13)
  • github.com/coder/coder/v2 (< 2.24.5)
  • github.com/coder/coder (<= 0.27.3)

Security releases

  • github.com/coder/coder/v2 → 2.33.3 (go)
  • github.com/coder/coder/v2 → 2.32.2 (go)
  • github.com/coder/coder/v2 → 2.31.12 (go)
  • github.com/coder/coder/v2 → 2.30.8 (go)
  • github.com/coder/coder/v2 → 2.29.13 (go)
  • github.com/coder/coder/v2 → 2.24.5 (go)
Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.

Kodem's runtime-powered SCA identifies whether CVE-2026-45796 is reachable in your applications. Explore open-source security for your team.

See if CVE-2026-45796 is reachable in your applications. Get a demo

Already deployed Kodem? See CVE-2026-45796 in your environment

Remediation advice

Upgrade the following packages to resolve this vulnerability:

  • Upgrade github.com/coder/coder/v2 to 2.33.3 or later
  • Upgrade github.com/coder/coder/v2 to 2.32.2 or later
  • Upgrade github.com/coder/coder/v2 to 2.31.12 or later
  • Upgrade github.com/coder/coder/v2 to 2.30.8 or later
  • Upgrade github.com/coder/coder/v2 to 2.29.13 or later
  • Upgrade github.com/coder/coder/v2 to 2.24.5 or later

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently asked questions about CVE-2026-45796

What is CVE-2026-45796?

CVE-2026-45796 is a medium-severity server-side request forgery (SSRF) vulnerability in github.com/coder/coder/v2 (go), affecting versions >= 2.33.0-rc.0, < 2.33.3. It is fixed in 2.33.3, 2.32.2, 2.31.12, 2.30.8, 2.29.13, 2.24.5. Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside.

How severe is CVE-2026-45796?

CVE-2026-45796 has a CVSS score of 6.5 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.

Which packages are affected by CVE-2026-45796?
  • github.com/coder/coder/v2 (go) (versions >= 2.33.0-rc.0, < 2.33.3)
  • github.com/coder/coder (go) (versions <= 0.27.3)
Is there a fix for CVE-2026-45796?

Yes. CVE-2026-45796 is fixed in 2.33.3, 2.32.2, 2.31.12, 2.30.8, 2.29.13, 2.24.5. Upgrade to this version or later.

Is CVE-2026-45796 exploitable, and should I be worried?

Whether CVE-2026-45796 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo

What actually determines whether CVE-2026-45796 is exploitable, and how bad it is?

Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.

How do I fix CVE-2026-45796?
  • Upgrade github.com/coder/coder/v2 to 2.33.3 or later
  • Upgrade github.com/coder/coder/v2 to 2.32.2 or later
  • Upgrade github.com/coder/coder/v2 to 2.31.12 or later
  • Upgrade github.com/coder/coder/v2 to 2.30.8 or later
  • Upgrade github.com/coder/coder/v2 to 2.29.13 or later
  • Upgrade github.com/coder/coder/v2 to 2.24.5 or later

Stop the waste.
Protect your environment with Kodem.