{"data":{"id":"9f6b9ac8-2723-4e61-bb85-20c29f720e32","title":"GHSA-686c-7vgv-v3fx: Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint","summary":"Coder's Azure identity endpoint was vulnerable to SSRF (server-side request forgery, where an attacker tricks a server into making requests to unintended targets) because it accepted unsigned certificates and fetched arbitrary URLs without validation. An attacker could craft a fake certificate pointing to any internal or external address, forcing the Coder server to connect to it and, through its error messages, reveal whether the target was reachable, enabling network reconnaissance and potential attacks on internal services.","solution":"Fixed in PR #25274 (commit 57b11d405). Upgrade to patched versions: v2.33.3, v2.32.2, v2.31.12, v2.30.8, v2.29.13, or v2.24.5 (ESR), depending on your release line.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-686c-7vgv-v3fx","publishedAt":"2026-05-19T19:53:51.000Z","cveId":"CVE-2026-45796","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/coder/coder@<= 0.27.3","github.com/coder/coder/v2@< 2.24.5 (fixed: 2.24.5)","github.com/coder/coder/v2@>= 2.29.0, < 2.29.13 (fixed: 2.29.13)","github.com/coder/coder/v2@>= 2.30.0, < 2.30.8 (fixed: 2.30.8)","github.com/coder/coder/v2@>= 2.31.0, < 2.31.12 (fixed: 
2.31.12)"],"affectedVendors":[],"affectedVendorsRaw":["Coder"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-19T19:53:51.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}