CVE-2026-55427

GHSA-mcqq-fqgf-rxwm HIGH
Published July 6, 2026

### Summary `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. > **Note:**...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
Anthropic Python go >= 2.34.0, < 2.34.2 2.34.2
3.7K 5.4K dependents Pushed 4d ago 95% patched ~3d to patch Full package profile →

Do you use Anthropic Python? You're affected.

How severe is it?

CVSS 3.1
8.3 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC High
PR None
UI Required
S Changed
C High
I High
A High

What should I do?

Patch available

Update Anthropic Python to version 2.34.2

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-55427?

### Summary `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. > **Note:** Practical exploitation requires control of the server-supplied values through a malicious or compromised deployment, a man-in-the-middle position or admin access to the `HostnameSuffix` and `SSHConfigOptions` settings. ### Impact A server administrator or an attacker who controlled the server, could inject a directive such as `ProxyCommand` and achieve arbitrary code execution on any developer workstation that ran `coder config-ssh`. Injected commands ran with the local user's privileges and applied to all SSH connections, not just Coder workspaces. ### Patches The fix validates `HostnameSuffix` and `SSHConfigOptions` against a strict character set that rejects newlines and other control characters. The fix was backported to all supported release lines: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | | 2.32 | [v2.32.7](https://github.com/coder/coder/releases/tag/v2.32.7) | | 2.29 (ESR) | [v2.29.17](https://github.com/coder/coder/releases/tag/v2.29.17) | ### Workarounds Inspect `coder config-ssh --dry-run` output before applying changes. ### Resources - Fix: #26154 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22437) for independently disclosing this issue!

Is CVE-2026-55427 actively exploited?

No confirmed active exploitation of CVE-2026-55427 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-55427?

Update to patched version: Anthropic Python 2.34.2.

What is the CVSS score for CVE-2026-55427?

CVE-2026-55427 has a CVSS v3.1 base score of 8.3 (HIGH).

What are the technical details?

Original Advisory

### Summary `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. > **Note:** Practical exploitation requires control of the server-supplied values through a malicious or compromised deployment, a man-in-the-middle position or admin access to the `HostnameSuffix` and `SSHConfigOptions` settings. ### Impact A server administrator or an attacker who controlled the server, could inject a directive such as `ProxyCommand` and achieve arbitrary code execution on any developer workstation that ran `coder config-ssh`. Injected commands ran with the local user's privileges and applied to all SSH connections, not just Coder workspaces. ### Patches The fix validates `HostnameSuffix` and `SSHConfigOptions` against a strict character set that rejects newlines and other control characters. The fix was backported to all supported release lines: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | | 2.32 | [v2.32.7](https://github.com/coder/coder/releases/tag/v2.32.7) | | 2.29 (ESR) | [v2.29.17](https://github.com/coder/coder/releases/tag/v2.29.17) | ### Workarounds Inspect `coder config-ssh --dry-run` output before applying changes. ### Resources - Fix: #26154 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22437) for independently disclosing this issue!

Weaknesses (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

  • [Requirements] Programming languages and supporting technologies might be chosen which are not subject to these issues.
  • [Implementation] Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Timeline

Published
July 6, 2026
Last Modified
July 6, 2026
First Seen
July 7, 2026

Related Vulnerabilities