CVE-2026-30969

EPSS 0.06%
Veröffentlicht 10.03.2026 17:27:24
Zuletzt bearbeitet 13.03.2026 19:51:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Coralos ≫ Coral Server Version < 1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	7.6	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0

Release Notes

https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-ccx7-7wv9-c55x

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-30969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-30969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-30969

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-30969