CVE-2026-45796
Received Received - Intake

Unauthenticated SSRF in Coder via Azure Instance Identity

Vulnerability report for CVE-2026-45796, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: GitHub, Inc.

Description

Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint (`POST /api/v2/workspaceagents/azure-instance-identity`). An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a crafted PKCS#7 signature. The server does not return the target's response body, but error messages in the API response reveal whether the target is reachable and what type of failure occurred. Versions 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 patch the issue. As a workaround, if the Azure identity-auth mechanism is not being used then restrict access to the corresponding endpoint (`/api/v2/workspaceagents/azure-instance-identity`) using ingress firewall and/or proxy ACLs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
coder coder to 2.24.5 (exc)
coder coder to 2.29.13 (exc)
coder coder to 2.30.8 (exc)
coder coder to 2.31.12 (exc)
coder coder to 2.32.2 (exc)
coder coder to 2.33.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves an unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint at POST /api/v2/workspaceagents/azure-instance-identity. Detection can focus on monitoring for unusual POST requests to this endpoint.

You can detect potential exploitation attempts by inspecting network traffic or logs for POST requests to /api/v2/workspaceagents/azure-instance-identity with suspicious or crafted PKCS#7 signatures.

Commands to help detect this might include using tools like curl or wget to test the endpoint, or using network monitoring tools to filter traffic. For example, using tcpdump or tshark to capture HTTP POST requests to the vulnerable endpoint:

  • tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443 and (((tcp[((tcp[12:1] & 0xf0) >> 2):4]) = 0x504f5354)) and (tcp[((tcp[12:1] & 0xf0) >> 2)+5:30] contains "/api/v2/workspaceagents/azure-instance-identity")'
  • grep or search application logs for POST requests to /api/v2/workspaceagents/azure-instance-identity

Note that the server does not return the target's response body, but error messages in the API response reveal whether the target is reachable and what type of failure occurred, so monitoring API responses for such error messages may also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include upgrading the Coder software to one of the patched versions: 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, or 2.33.3.

If upgrading is not immediately possible, and if the Azure identity-auth mechanism is not being used, restrict access to the vulnerable endpoint (/api/v2/workspaceagents/azure-instance-identity) by using ingress firewall rules and/or proxy access control lists (ACLs).

Executive Summary

This vulnerability affects Coder versions prior to 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3. It is an unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint. An attacker can send a specially crafted PKCS#7 signature to the endpoint, causing the Coder server to make HTTP GET requests to arbitrary internal or external hosts.

Although the server does not return the response body from the target, error messages in the API response reveal whether the target is reachable and the type of failure that occurred. This allows an attacker to gather information about internal or external network resources.

The issue is patched in versions 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3. As a workaround, if the Azure identity-auth mechanism is not used, access to the vulnerable endpoint can be restricted using ingress firewall or proxy ACLs.

Impact Analysis

This vulnerability can allow an external attacker to make the Coder server send HTTP requests to arbitrary internal or external hosts, potentially exposing internal network information.

While the attacker does not get the response body, error messages can reveal whether a target is reachable and the nature of any failures, which can be used for network reconnaissance.

This could lead to information disclosure about internal infrastructure, which may be leveraged for further attacks or exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45796. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart