CVE-2026-30970
Received Received - Intake
Unauthorized Resource Exhaustion via Session Creation in Coral Server

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: GitHub, Inc.

Description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30970
EUVD
EUVD-2026-10708
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coralos coral_server to 1.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30970 is a session authentication bypass vulnerability in Coral Server versions 1.0.1 and earlier. It affects the /api/v1/sessions endpoint, which allowed creation of agent sessions without strong authentication.

This endpoint performs resource-intensive operations such as container spawning and memory context creation. Because of the lack of proper authentication, an attacker could create sessions or consume system resources without authorization.

The vulnerability was fixed in Coral Server version 1.1.0 by requiring authenticated access to this endpoint.

Impact Analysis

This vulnerability can allow an attacker to create unauthorized sessions or consume system resources without permission.

Because the endpoint performs resource-intensive operations, an attacker could exhaust system resources, potentially causing denial of service (DoS) conditions.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring access to the /api/v1/sessions endpoint on Coral Server versions 1.0.1 and earlier. Since the endpoint allows unauthenticated session creation, unusual or unauthorized requests to this endpoint may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to identify requests to /api/v1/sessions without proper authentication.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect potential exploitation attempts include:'}, {'type': 'list_item', 'content': 'Using curl to test if the endpoint allows session creation without authentication: curl -X POST http://<server_address>/api/v1/sessions'}, {'type': 'list_item', 'content': 'Using grep to search web server logs for unauthenticated POST requests to the endpoint: grep "/api/v1/sessions" /var/log/nginx/access.log | grep POST'}, {'type': 'list_item', 'content': 'Using network monitoring tools like tcpdump or Wireshark to capture traffic targeting the /api/v1/sessions endpoint.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Coral Server to version 1.1.0 or later, where the vulnerability is fixed by requiring authenticated access to the /api/v1/sessions endpoint.

If upgrading immediately is not possible, restrict access to the /api/v1/sessions endpoint by implementing network-level controls such as firewall rules or API gateway restrictions to limit access only to authorized users or systems.

Additionally, monitor system resource usage to detect and respond to any unusual consumption that may indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30970. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart