Vulnerability Report: GO-2026-5924
- CVE-2026-55431, GHSA-v54h-cp2w-9x4g
- Affects: github.com/coder/coder, github.com/coder/coder/v2
- Published: Jul 07, 2026
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
For detailed information about this vulnerability, visit https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g
- https://github.com/coder/coder/pull/26146
- https://vuln.go.dev/ID/GO-2026-5924.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.