CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-wqxv-w64v-5wh6: Suspended Coder users retain access to AI Bridge LLM proxy endpoints

mediumCVSS 5.4CVE-2026-55435
Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's unexpired token keeps working. Note: Practical impact is limited to already-issued API keys of suspended users until those keys are deleted. Impact A suspended user with a previously issued long-lived token could continue calling AI Bridge LLM proxy endpoints, consuming paid provider resources billed to the deployment and, if injected MCP tools are enabled, invoking those tools. Access persists until the token expires, which may be months after suspension. Patches The fix makes AI Bridge authorization reject non-active users like the standard API key middleware. AI Bridge was introduced in v2.30.0. The v2.29 ESR line is not affected. The fix is available in the following releases: | Release line | Patched version | |---|---| | 2.34 | v2.34.2 | | 2.33 | v2.33.8 | | 2.32 | v2.32.7 | Workarounds On suspension, delete the user's API keys via DELETE /api/v2/users/{user}/keys. Resources - Fix: #26173 Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22446) for independently disclosing this issue!

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 5.4
Published
2026-07-06
Last updated
2026-07-07
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-wqxv-w64v-5wh6

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-55435coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from GitHub Security Advisories