### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the...
Full CISO analysis pending enrichment.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| Anthropic Python | go | >= 2.34.0, < 2.34.2 | 2.34.2 |
Do you use Anthropic Python? You're affected.
How severe is it?
What is the attack surface?
What should I do?
Patch available
Update Anthropic Python to version 2.34.2
Which compliance frameworks are affected?
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-55434?
### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). ### Impact An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as `/api/v2/aibridge/anthropic/v1/messages`, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with `coderd`, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled. ### Patches The fix applies `http.MaxBytesReader` or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected. The fix is available in the following releases: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | ### Workarounds None. ### Resources - Fix: #26164 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!
Is CVE-2026-55434 actively exploited?
No confirmed active exploitation of CVE-2026-55434 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-55434?
Update to patched version: Anthropic Python 2.34.2.
What is the CVSS score for CVE-2026-55434?
CVE-2026-55434 has a CVSS v3.1 base score of 6.5 (MEDIUM).
What are the technical details?
Original Advisory
### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). ### Impact An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as `/api/v2/aibridge/anthropic/v1/messages`, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with `coderd`, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled. ### Patches The fix applies `http.MaxBytesReader` or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected. The fix is available in the following releases: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | ### Workarounds None. ### Resources - Fix: #26164 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!
Weaknesses (CWE)
CWE-770 — Allocation of Resources Without Limits or Throttling: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- [Requirements] Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
- [Architecture and Design] Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References
Timeline
Related Vulnerabilities
CVE-2026-55429 8.7 Analysis pending
Same package: anthropic CVE-2026-7574 8.7 Claude Desktop: VM integrity bypass enables RCE
Same package: anthropic CVE-2026-55427 8.3 Analysis pending
Same package: anthropic CVE-2026-55428 8.2 Analysis pending
Same package: anthropic CVE-2026-45370 7.7 utcp-cli: env leak exfiltrates all agent process secrets
Same package: anthropic