{"data":{"id":"a67ebd62-b089-43b5-bfef-70b5c87a67b3","title":"GHSA-wqxv-w64v-5wh6: Suspended Coder users retain access to AI Bridge LLM proxy endpoints","summary":"A security flaw in Coder's AI Bridge (a proxy for accessing LLM services) allowed suspended users to keep using their existing API keys (authentication tokens) because the system didn't check if an account was suspended, only if the key itself was valid. This meant a suspended user could continue making expensive AI requests until their token expired, which could be months later.","solution":"The fix is available in patched versions: v2.34.2, v2.33.8, and v2.32.7. As a workaround before updating, administrators can immediately delete a suspended user's API keys by calling `DELETE /api/v2/users/{user}/keys` to revoke their access.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-wqxv-w64v-5wh6","publishedAt":"2026-07-06T21:11:20.000Z","cveId":"CVE-2026-55435","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["github.com/coder/coder/v2@>= 2.30.0, < 2.32.7 (fixed: 2.32.7)","github.com/coder/coder/v2@>= 2.33.0, < 2.33.8 (fixed: 2.33.8)","github.com/coder/coder/v2@>= 2.34.0, < 2.34.2 (fixed: 2.34.2)"],"affectedVendors":[],"affectedVendorsRaw":["Coder","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-06T21:11:20.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}