CRITICAL 9.1 CVE-2026-46354 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
>= 2.33.0-rc.0, < 2.33.3
HIGH 8.2 CVE-2024-27918 Incorrect email domain verification in github.com/coder/coder
from 0, < 2.6.1, >= 2.7.0, < 2.7.3, >= 2.8.0, < 2.8.4
HIGH 8.2 CVE-2024-27918 Incorrect email domain verification in github.com/coder/coder
>= 2.8.0, < 2.8.4
HIGH 8.1 Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder
>= 2.22.0, < 2.24.4, >= 2.25.0, < 2.25.2
HIGH 8.1 Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder
>= 2.22.0, < 2.24.4
HIGH 7.8 Coder logs sensitive objects unsanitized in github.com/coder/coder
from 0, < 2.26.5, >= 2.27.0, < 2.27.7, >= 2.28.0, < 2.28.4
HIGH 7.8 Coder logs sensitive objects unsanitized in github.com/coder/coder
from 0, < 2.26.5
MEDIUM 6.5 Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint
>= 2.33.0-rc.0, < 2.33.3