CVE-2026-55435
Summary
AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's unexpired token keeps working.
Note: Practical impact is limited to already-issued API keys of suspended users until those keys are deleted.
Impact
A suspended user with a previously issued long-lived token could continue calling AI Bridge LLM proxy endpoints, consuming paid provider resources billed to the deployment and, if injected MCP tools are enabled, invoking those tools. Access persists until the token expires, which may be months after suspension.
Patches
The fix makes AI Bridge authorization reject non-active users like the standard API key middleware. AI Bridge was introduced in v2.30.0. The v2.29 ESR line is not affected.
The fix is available in the following releases:
| Release line | Patched version |
|---|---|
| 2.34 | v2.34.2 |
| 2.33 | v2.33.8 |
| 2.32 | v2.32.7 |
Workarounds
On suspension, delete the user's API keys via DELETE /api/v2/users/{user}/keys.
Resources
- Fix: #26173
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22446) for independently disclosing this issue!
⚡ Watch CVE-2026-55435
Get an email if CVE-2026-55435 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 23% of all EPSS-scored CVEs.
Advisory coverage (2)
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-55435)