CVE-2026-30969 is an authorization bypass vulnerability categorized under CWE-639 (Authorization Bypass Through User-Controlled Key) affecting Coral-Protocol's coral-server software versions earlier than 1.1.0. Coral Server facilitates communication, coordination, trust, and payments within the Internet of Agents framework. The vulnerability stems from inadequate enforcement of strong authentication between agents and the server during active sessions. Specifically, the server does not sufficiently verify the legitimacy of session identifiers, allowing an attacker who can obtain or predict a valid session ID to impersonate an agent or join an existing session without proper authorization. This flaw compromises the integrity and confidentiality of agent communications and transactions. The vulnerability has a CVSS 4.0 base score of 7.6, reflecting network attack vector, high complexity, no user interaction, and partial privileges required. No known exploits are currently reported in the wild. The issue is resolved in coral-server version 1.1.0 by enforcing stronger authentication mechanisms within active sessions to prevent session hijacking or unauthorized session joining.

The vulnerability allows attackers to impersonate legitimate agents or join active sessions, potentially leading to unauthorized access to sensitive communications, coordination data, and payment transactions within the Internet of Agents ecosystem. This could result in data breaches, fraudulent transactions, disruption of agent coordination, and erosion of trust in the infrastructure. Organizations relying on coral-server for critical agent-based services may face operational disruptions and reputational damage. Given the network-based attack vector and the ability to exploit with low privileges, the threat could be leveraged by remote attackers to compromise multiple agents or sessions, amplifying the impact. The lack of user interaction requirement facilitates automated exploitation attempts. Although no exploits are currently known, the high severity score indicates significant risk if exploited.

1. Upgrade coral-server installations to version 1.1.0 or later immediately to apply the official fix enforcing strong authentication within active sessions. 2. Implement robust session management practices, including generating cryptographically secure, unpredictable session identifiers and limiting session lifetime. 3. Employ network segmentation and access controls to restrict exposure of coral-server endpoints to trusted networks and agents only. 4. Monitor session activity logs for anomalies such as unexpected session joins or agent impersonations. 5. Use multi-factor authentication or mutual TLS authentication between agents and the server where feasible to strengthen identity verification. 6. Regularly audit and update agent credentials and session handling policies to minimize risk of session ID compromise. 7. Educate administrators and developers on secure session handling and the importance of patching vulnerable versions promptly.