Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
Summary
The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters.
> Note: Exploitation requires a victim to view attacker-controlled agent logs in the dashboard.
Impact
A user who could run a workspace could emit arbitrary HTML into agent logs; when another user, including an administrator, viewed the workspace page, it rendered in their session. Content Security Policy blocked inline scripts but an attacker could still inject a meta refresh redirect, style rules for UI redressing or CSS-based exfiltration or external img beacons. This required workspace-owner access and a victim viewing the page.
Patches
The fix enables escapeXML: true so HTML metacharacters are escaped before DOM insertion.
The fix was backported to all supported release lines:
| Release line | Patched version | |---|---| | 2.34 | v2.34.2 | | 2.33 | v2.33.8 | | 2.32 | v2.32.7 | | 2.29 (ESR) | v2.29.17 |
Workarounds
None.
Resources
- Fix: #25808
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22449) for independently disclosing this issue!