GHSA-x9qq-2qh5-8rxfMediumCVSS 5.4

Coder's sub-agent app registration bypasses template port-sharing policy enforcement

Published
July 6, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

Summary

The CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum.

Note: Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls.

Impact

A workspace owner with an agent token could register a sub-agent app as PUBLIC even when the template's MaxPortSharingLevel was owner, exposing the app to unauthenticated users via the wildcard app domain. This affected only deployments using Enterprise port-sharing policy and wildcard app hostnames and required an authenticated workspace owner with an agent token.

Patches

The fix clamps the sub-agent app sharing level to the template's MaxPortSharingLevel.

The fix was backported to all supported release lines:

| Release line | Patched version | |---|---| | 2.34 | v2.34.2 | | 2.33 | v2.33.8 | | 2.32 | v2.32.7 | | 2.29 (ESR) | v2.29.17 |

Workarounds

Disable wildcard app hostnames (CODER_WILDCARD_ACCESS_URL) to block subdomain-based app routing.

Resources

  • Fix: #26061

Credits

Coder would like to thank Anthropic's Security Team (ANT-2026-22452) for independently disclosing this issue!

🎯 Affected products4

  • go/github.com/coder/coder/v2:>= 2.34.0, < 2.34.2
  • go/github.com/coder/coder/v2:>= 2.33.0, < 2.33.8
  • go/github.com/coder/coder/v2:>= 2.30.0, < 2.32.7
  • go/github.com/coder/coder/v2:< 2.29.17

🔗 References (3)