Threats Tagged 'cve-2026-55438'
View all threats tagged with 'cve-2026-55438'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-55438'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-5wg6-jmq2-53pw: Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofingCVE-2026-55438 0 Coder's workspace app proxy had a vulnerability in its CORS origin check that could be bypassed via UUID-based subdomain spoofing. This allowed an attacker to craft a subdomain encoding their own workspace UUID and a victim's username, potentially enabling cross-origin requests to the victim's workspace apps if the victim visited the attacker's URL while authenticated. The issue was fixed by validating the subdomain username against the actual workspace owner and basing CORS decisions on the authoritative owner identity. Patched versions are available across multiple release lines. No workarounds exist. Join the discussion | GCVE Database | 07/06/2026, 21:14:49 UTC Added: 07/06/2026, 23:02:26 UTC |
Showing 1 to 1 of 1 result