{"data":{"id":"3a55435c-b77e-424a-92b7-0a5788a82f40","title":"GHSA-wrq8-fcv5-8hvp: Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator","summary":"Coder's tailnet coordinator (the server managing a private network) didn't validate that `AllowedIPs` (IP address ranges an agent claims to serve) matched the agent's identity, even though it did validate the agent's regular addresses. This let a malicious authenticated agent claim another agent's IP address and intercept traffic meant for that agent, such as web terminal sessions. Exploiting this required an authenticated user with a modified agent binary.","solution":"Upgrade to a patched version: v2.34.2 (for release line 2.34), v2.33.8 (for 2.33), v2.32.7 (for 2.32), or v2.29.17 (for ESR 2.29). The fix validates each `AllowedIPs` prefix against the authenticating agent's UUID, matching how `Addresses` are already validated. If you cannot upgrade immediately, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-wrq8-fcv5-8hvp","publishedAt":"2026-07-06T20:58:30.000Z","cveId":"CVE-2026-55428","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/coder/coder/v2@< 2.29.17 (fixed: 2.29.17)","github.com/coder/coder/v2@>= 2.30.0, < 2.32.7 (fixed: 2.32.7)","github.com/coder/coder/v2@>= 2.33.0, < 2.33.8 (fixed: 2.33.8)","github.com/coder/coder/v2@>= 2.34.0, < 2.34.2 (fixed: 2.34.2)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Coder","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-06T20:58:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":["AML.T0010"]}}