VDB
KO

GO-2026-5923

Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write in github.com/coder/coder

Details

Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write in github.com/coder/coder

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/coder/coder
Introduced in: 0

No fixed version published yet for github.com/coder/coder (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/coder/coder/v2
Introduced in: 2.27.0 Fixed in: 2.29.19
Fix go get github.com/coder/coder/v2@v2.29.19

References