A critical vulnerability (CVE-2026-46354, CVSS 9.1) was disclosed affecting Coder, a popular open-source remote development platform, allowing attackers to steal workspace agent session tokens, Git SSH private keys, and OAuth credentials via a forged PKCS#7 signature bypass. Due to the unauthenticated nature of the attack and the breadth of potential secret exposure, immediate patching is required.
About the Vulnerability: CVE-2026-46354
The issue originates in the azureidentity.Validate() function. Its PKCS#7 verification logic correctly checks that the signer certificate chains to a trusted Azure CA, but it never verifies the cryptographic signature on the PKCS#7 envelope itself. By sending a forged PKCS#7 envelope that pairs a legitimate Azure IMDS certificate (publicly available via Certificate Transparency logs) with arbitrary attacker-controlled content to the unauthenticated POST /api/v2/workspaceagents/azure-instance-identity endpoint, an attacker can trick Coder into issuing a valid workspace agent session token. The only prerequisite is knowledge of the target VM's UUIDv4 identifier (vmId). No authentication is required to exploit this issue.
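To make the flaw concrete, the following is an added illustration, not Coder's code: a simplified signed envelope (content, signer certificate, signature) stands in for PKCS#7 SignedData, with constructed toy certificates in place of real Azure IMDS ones. validate_chain_only mirrors the flawed logic (trusted chain, signature ignored); validate_fixed adds the missing signature check that binds the content to the trusted certificate.

```python
import datetime as dt
from collections import namedtuple
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed stand-in for PKCS#7 SignedData: content, signer cert, signature over content.
Envelope = namedtuple("Envelope", "content signer signature")
HASH = hashes.SHA256()

def _issue(cn, pub, issuer_cert, issuer_key, is_ca):
    # Issue a certificate for `pub`; issuer_cert=None means self-signed (toy PKI).
    now = dt.datetime.now(dt.timezone.utc)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(name)
            .issuer_name(issuer_cert.subject if issuer_cert else name)
            .public_key(pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - dt.timedelta(hours=1)).not_valid_after(now + dt.timedelta(hours=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, HASH))

def new_pki():
    # Toy trust root plus a leaf "IMDS signer" issued under it (constructed names).
    ca_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca = _issue("Toy Azure CA", ca_key.public_key(), None, ca_key, True)
    leaf = _issue("metadata.azure.com", leaf_key.public_key(), ca, ca_key, False)
    return ca, leaf, leaf_key

def sign(content, leaf, leaf_key):
    # A genuine envelope: content signed by the leaf's private key.
    return Envelope(content, leaf, leaf_key.sign(content, ec.ECDSA(HASH)))

def _verifies(pub, signature, data, hash_alg):
    try:
        pub.verify(signature, data, ec.ECDSA(hash_alg))
        return True
    except InvalidSignature:
        return False

def validate_chain_only(env, ca):
    # Flawed logic: accept if the signer cert was issued by the trusted CA; env.signature is never checked.
    c = env.signer
    return c.issuer == ca.subject and _verifies(
        ca.public_key(), c.signature, c.tbs_certificate_bytes, c.signature_hash_algorithm)

def validate_fixed(env, ca):
    # The fix: the signature must also verify over env.content under the signer's own key.
    return validate_chain_only(env, ca) and _verifies(
        env.signer.public_key(), env.signature, env.content, HASH)
```

A regression test for the fixed verifier should include the case the bug missed: a trusted certificate attached to content it never signed must be rejected.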
The following Coder v2 versions are affected:
- v2.33.0-rc.0 through v2.33.2
- v2.32.0-rc.0 through v2.32.1
- v2.31.0 through v2.31.11
- v2.30.0 through v2.30.7
- v2.29.0 through v2.29.12
- All versions prior to v2.24.5
- Coder v1 (≤ 0.27.3) is also affected, with no patch available
These versions are widely used by organizations running Coder on Azure infrastructure for cloud-based developer workspaces. Any deployment using Azure instance identity authentication for workspace agents is vulnerable.
Risk Impact
At the time of writing, no public proof-of-concept exploit has been released, and there are no confirmed reports of active exploitation in the wild. However, the vulnerability was independently discovered by security researcher Ben Tran (calif.io) and the Anthropic Security Team (ANT-2026-22445), suggesting multiple parties identified this issue. The low complexity of exploitation (network-accessible, no authentication, no user interaction) and the severity of the impact make this vulnerability extremely high risk, especially for internet-facing Coder deployments.
Successful exploitation could allow attackers to steal workspace agent session tokens, enumerate and exfiltrate Git SSH private keys, harvest OAuth access tokens for GitHub, GitLab, and Bitbucket integrations, and potentially impersonate workspace owners to access corporate source code repositories and CI/CD pipelines. This could lead to supply chain compromise, intellectual property theft, and full infrastructure breach through stolen developer credentials.
Mitigation Recommendations
Users should upgrade to the following patched versions immediately:
- v2.33.3
- v2.32.2
- v2.31.12
- v2.30.8
- v2.29.13
- v2.24.5
As a temporary workaround, organizations should disable Azure instance identity authentication in their Coder deployment configuration. Coder v1 users who cannot migrate to v2 should also disable this feature.
How can Orca help?
Orca enables customers to quickly identify assets running vulnerable versions of Coder, understand their exposure in context, including internet accessibility, runtime reachability, and asset criticality, and prioritize remediation based on real risk rather than CVSS alone. Orca’s platform highlights affected assets directly in the newItem view, helping security teams focus on the most critical remediation paths first.
