Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
🔗 CVE IDs covered (1)
📋 Description
Summary
The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters.
Note: Exploitation requires a victim to view attacker-controlled agent logs in the dashboard.
Impact
A user who could run a workspace could emit arbitrary HTML into agent logs; when another user, including an administrator, viewed the workspace page, it rendered in their session. Content Security Policy blocked inline scripts but an attacker could still inject a meta refresh redirect, style rules for UI redressing or CSS-based exfiltration or external img beacons. This required workspace-owner access and a victim viewing the page.
Patches
The fix enables escapeXML: true so HTML metacharacters are escaped before DOM insertion.
The fix was backported to all supported release lines:
| Release line | Patched version | |---|---| | 2.34 | v2.34.2 | | 2.33 | v2.33.8 | | 2.32 | v2.32.7 | | 2.29 (ESR) | v2.29.17 |
Workarounds
None.
Resources
- Fix: #25808
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22449) for independently disclosing this issue!
🎯 Affected products4
- go/github.com/coder/coder/v2:>= 2.34.0, < 2.34.2
- go/github.com/coder/coder/v2:>= 2.33.0, < 2.33.8
- go/github.com/coder/coder/v2:>= 2.30.0, < 2.32.7
- go/github.com/coder/coder/v2:< 2.29.17