Threats Tagged 'cve-2026-55427'
View all threats tagged with 'cve-2026-55427'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-55427'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-mcqq-fqgf-rxwm: Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`CVE-2026-55427 0 The vulnerability in Coder's `config-ssh` command allows a malicious or compromised server to inject arbitrary SSH configuration directives into the user's ~/.ssh/config file. This occurs because server-supplied values for `HostnameSuffix` and `SSHConfigOptions` were not sanitized for embedded newlines or restricted directives. Exploitation requires control over these server-supplied values, such as via a compromised server or man-in-the-middle position. Injected directives like `ProxyCommand` can lead to arbitrary code execution with the local user's privileges, affecting all SSH connections initiated by that user. The issue has been fixed by validating these inputs against a strict character set that excludes newlines and control characters. Patched versions are available in multiple release lines. Join the discussion | GCVE Database | 07/06/2026, 20:53:54 UTC Added: 07/06/2026, 23:02:27 UTC |
Showing 1 to 1 of 1 result