CVE-2026-30970: CWE-862: Missing Authorization in Coral-Protocol coral-server
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.
AI Analysis
Technical Summary
CVE-2026-30970 is a missing authorization vulnerability (CWE-862) in Coral-Protocol's coral-server prior to version 1.1.0. Coral Server provides communication, coordination, trust and payment infrastructure for the Internet of Agents. The flaw is in the /api/v1/sessions REST endpoint, which created agent sessions without enforcing strong authentication or authorization. Each session triggers resource-intensive initialization, including container spawning and memory context creation, so a single cheap request costs the server far more than it costs the caller. Because the endpoint did not require strong authentication, any client able to reach it could create sessions repeatedly, consuming CPU, memory and container capacity until the service degrades or stops responding. The vulnerability carries a CVSS 4.0 base score of 8.8, reflecting its ease of exploitation and high impact on availability and integrity. No exploitation in the wild has been reported, but the issue is publicly disclosed and fixed in coral-server 1.1.0; deployments on earlier versions should upgrade promptly. Until the upgrade is applied, restrict network access to the endpoint and monitor for abnormal session creation patterns. The case illustrates a general rule for agent infrastructure: authorization must be checked before, not after, the expensive work an API call triggers.
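The pattern described above, as an added illustration rather than coral-server's own code: a session-creation handler that spawns its container before looking at who is asking, beside a hardened version that authenticates, authorizes and applies a per-principal quota before any expensive work runs. The token scheme, permission table, quota and the counter standing in for container cost are all assumptions made for the example.

```python
"""Authorization before resource-intensive work (CWE-862 illustration).

Constructed example; not code from coral-server. Token format, permission
table and the 'container' counter are assumptions for the demonstration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed secret and permission table for the example (not a real key).
SERVER_SECRET = b"example-secret-do-not-use"
PERMISSIONS = {"alice": {"sessions:create"}, "bob": set()}
MAX_SESSIONS_PER_PRINCIPAL = 3


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)  # session_id -> owner
    containers_spawned: int = 0                    # stands in for real cost

    def spawn_container(self, owner: str) -> str:
        # In the real server this is the expensive step (container plus
        # memory context); here it is only counted so tests can observe it.
        self.containers_spawned += 1
        sid = f"sess-{self.containers_spawned}"
        self.sessions[sid] = owner
        return sid


def make_token(principal: str) -> str:
    """Issue a bearer token of the form 'principal.mac' (toy scheme)."""
    mac = hmac.new(SERVER_SECRET, principal.encode(), hashlib.sha256).hexdigest()
    return f"{principal}.{mac}"


def authenticate(headers: dict) -> Optional[str]:
    """Return the principal named by a valid bearer token, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    principal, _, mac = auth[len("Bearer "):].partition(".")
    expected = hmac.new(SERVER_SECRET, principal.encode(), hashlib.sha256).hexdigest()
    if not mac or not hmac.compare_digest(mac, expected):
        return None
    return principal


def create_session_vulnerable(store: SessionStore, headers: dict) -> Tuple[int, str]:
    """Before: spawn first and never consult the caller's identity."""
    sid = store.spawn_container(owner="anonymous")
    return 201, sid


def create_session_hardened(store: SessionStore, headers: dict) -> Tuple[int, str]:
    """After: authenticate, authorize and enforce a quota before spawning."""
    principal = authenticate(headers)
    if principal is None:
        return 401, "authentication required"
    if "sessions:create" not in PERMISSIONS.get(principal, set()):
        return 403, "not permitted to create sessions"
    owned = sum(1 for owner in store.sessions.values() if owner == principal)
    if owned >= MAX_SESSIONS_PER_PRINCIPAL:
        return 429, "session quota exceeded"
    sid = store.spawn_container(owner=principal)
    return 201, sid


if __name__ == "__main__":
    vulnerable = SessionStore()
    for _ in range(5):
        create_session_vulnerable(vulnerable, {})
    print("vulnerable handler spawned", vulnerable.containers_spawned, "containers for 5 anonymous requests")

    hardened = SessionStore()
    print(create_session_hardened(hardened, {}))
    print(create_session_hardened(hardened, {"Authorization": "Bearer " + make_token("bob")}))
    for _ in range(4):
        print(create_session_hardened(hardened, {"Authorization": "Bearer " + make_token("alice")}))
    print("hardened handler spawned", hardened.containers_spawned, "containers")
```

The ordering inside `create_session_hardened` is the point: the 401, 403 and 429 branches all return before `spawn_container` is reached, so an unauthenticated flood costs the server a MAC comparison per request instead of a container per request. The quota is a defence-in-depth measure for the case where a legitimate credential is stolen and replayed.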
Potential Impact
The primary impact of CVE-2026-30970 is on availability, with a secondary impact on integrity. An attacker can exploit the missing authorization to create large numbers of agent sessions, each triggering resource-heavy work such as container spawning and memory allocation. The resulting exhaustion denies service to legitimate users and can destabilize the whole Coral Server environment. Because strong authentication was not required, the attack needs only network reachability to the endpoint, which widens the attack surface considerably. Organizations relying on Coral Server for Internet of Agents functions such as communication, coordination and payments may see outages or degraded performance that disrupt operations and the trust mechanisms built on them. The unauthorized sessions themselves could also serve as a foothold in a longer attack chain. Although no exploits are currently known in the wild, the public disclosure and high CVSS score indicate significant risk for unpatched deployments, particularly those whose API endpoints are internet-exposed or poorly segmented.
Mitigation Recommendations
1. Upgrade coral-server to version 1.1.0 or later, which enforces authorization on the /api/v1/sessions endpoint.
2. Restrict network access to /api/v1/sessions with firewalls, VPNs or an API gateway so that only trusted clients and internal systems can reach it.
3. Apply rate limiting and anomaly detection to session creation requests, so that abnormal volumes from a single source are blocked and alerted on.
4. Monitor container counts and resource usage for spikes that may indicate exploitation attempts.
5. Include API authorization controls and resource-intensive operations in regular security audits and penetration tests.
6. Isolate Coral Server components in segmented network zones and run them under least privilege.
7. Keep incident response plans current for denial of service and resource exhaustion events affecting this service.
These steps focus on access control, monitoring and segmentation because the weakness is an unguarded, expensive operation: the controls that matter are the ones that keep untrusted callers away from it and make abuse visible quickly.
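Recommendations 3 and 4 above call for detecting abnormal session creation. The following is an added example of that detection logic, not part of the original advisory or of coral-server: it parses access-log lines, keeps a sliding window of successful POST /api/v1/sessions calls per source address, and raises one alert per source once the count in the window exceeds a threshold. The log format, the window, the threshold and the sample lines are constructed for the example; a real deployment would adapt the regex to whatever its reverse proxy or server actually writes.

```python
"""Sliding-window detection of session-creation floods over access logs.

Constructed example; not part of coral-server. Log format, window size,
threshold and the sample lines below are assumptions for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional

# Common-log-style lines as a reverse proxy might emit them (constructed).
SAMPLE_LOG = """\
10.0.0.5 - alice [10/Mar/2026:17:49:00 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:01 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:02 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:03 +0000] "GET /api/v1/sessions HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2026:17:49:04 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:05 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:06 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:58 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
203.0.113.7 - - [10/Mar/2026:17:49:59 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
10.0.0.5 - alice [10/Mar/2026:17:50:30 +0000] "POST /api/v1/sessions HTTP/1.1" 201 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
WATCHED = ("POST", "/api/v1/sessions")   # the expensive endpoint
WINDOW = timedelta(seconds=60)           # assumed sliding window
THRESHOLD = 5                            # alert when more than this many per window


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def detect_session_floods(lines: Iterable[str],
                          window: timedelta = WINDOW,
                          threshold: int = THRESHOLD) -> Dict[str, dict]:
    """Return {source_ip: alert} for sources exceeding the creation threshold.

    Only successful (201) creations count, since those are the requests that
    actually paid for a container. One alert per source, recorded the first
    time the window overflows; '-' in the user field is treated as an
    unauthenticated request.
    """
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user)
    alerts: Dict[str, dict] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or (ev["method"], ev["path"]) != WATCHED or ev["status"] != 201:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()   # drop creations that fell out of the window
        if len(q) > threshold and ev["ip"] not in alerts:
            alerts[ev["ip"]] = {
                "first_seen": q[0][0],
                "count": len(q),
                "unauthenticated": sum(1 for _, user in q if user == "-"),
            }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_session_floods(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: {alert['count']} session creations within {WINDOW} "
              f"starting {alert['first_seen']:%H:%M:%S}, "
              f"{alert['unauthenticated']} without an authenticated user")
```

Counting only 201 responses matters after the upgrade as well: once 1.1.0 rejects unauthenticated calls with 401, a flood of rejected requests is a nuisance, whereas a flood of successful creations from one source means either a stolen credential or a residual authorization gap, and deserves a different response.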
Affected Countries
United States, Germany, Japan, South Korea, United Kingdom, France, Canada, Australia, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-07T17:53:48.815Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b059afea502d3aa88174fb
Added to database: 3/10/2026, 5:49:35 PM
Last enriched: 3/10/2026, 6:03:51 PM
Last updated: 3/13/2026, 4:39:21 AM