{"data":{"id":"db193904-f43c-420f-ac98-b7c36efe5e5b","title":"GHSA-mcqq-fqgf-rxwm: Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`","summary":"Coder's `coder config-ssh` command didn't properly check server-supplied SSH settings (HostnameSuffix, SSHConfigOptions) before writing them to the user's SSH configuration file, allowing a malicious or compromised server to inject arbitrary SSH configuration directives. An attacker controlling the server could inject commands like ProxyCommand to execute arbitrary code on a developer's workstation with that user's privileges.","solution":"Update to a patched version: v2.34.2 (for release line 2.34), v2.33.8 (for 2.33), v2.32.7 (for 2.32), or v2.29.17 (for 2.29 ESR). The fix validates HostnameSuffix and SSHConfigOptions against a strict character set that rejects newlines and other control characters. As a temporary workaround before updating, inspect the output of `coder config-ssh --dry-run` before applying changes.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mcqq-fqgf-rxwm","publishedAt":"2026-07-06T20:53:54.000Z","cveId":"CVE-2026-55427","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/coder/coder/v2@< 2.29.17 (fixed: 2.29.17)","github.com/coder/coder/v2@>= 2.30.0, < 2.32.7 (fixed: 2.32.7)","github.com/coder/coder/v2@>= 2.33.0, < 2.33.8 (fixed: 2.33.8)","github.com/coder/coder/v2@>= 2.34.0, < 2.34.2 (fixed: 2.34.2)"],"affectedVendors":[],"affectedVendorsRaw":["Coder","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-06T20:53:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":["AML.T0010"]}}