CVE-2026-55434

GHSA-f5vp-w269-392g MEDIUM
Published July 6, 2026

### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
Anthropic Python go >= 2.34.0, < 2.34.2 2.34.2
3.7K 5.4K dependents Pushed 4d ago 95% patched ~3d to patch Full package profile →

Do you use Anthropic Python? You're affected.

How severe is it?

CVSS 3.1
6.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR Low
UI None
S Unchanged
C None
I None
A High

What should I do?

Patch available

Update Anthropic Python to version 2.34.2

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-55434?

### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). ### Impact An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as `/api/v2/aibridge/anthropic/v1/messages`, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with `coderd`, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled. ### Patches The fix applies `http.MaxBytesReader` or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected. The fix is available in the following releases: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | ### Workarounds None. ### Resources - Fix: #26164 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!

Is CVE-2026-55434 actively exploited?

No confirmed active exploitation of CVE-2026-55434 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-55434?

Update to patched version: Anthropic Python 2.34.2.

What is the CVSS score for CVE-2026-55434?

CVE-2026-55434 has a CVSS v3.1 base score of 6.5 (MEDIUM).

What are the technical details?

Original Advisory

### Summary AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. > **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). ### Impact An authenticated member-level user could POST a very large or chunked body to an AI Bridge provider endpoint such as `/api/v2/aibridge/anthropic/v1/messages`, growing heap memory until the operating system terminates the process. Because AI Bridge runs in-process with `coderd`, this crashes the entire control plane, including the API, workspace coordinator and DERP relay. It requires an authenticated user and the AI Bridge feature enabled. ### Patches The fix applies `http.MaxBytesReader` or an equivalent cap before reading provider and session request bodies. The affected AI Bridge provider endpoints exist only on the v2.33 and v2.34 lines. Earlier release lines are not affected. The fix is available in the following releases: | Release line | Patched version | |---|---| | 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) | | 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) | ### Workarounds None. ### Resources - Fix: #26164 ### Credits Coder would like to thank Anthropic's Security Team (ANT-2026-22443) for independently disclosing this issue!

Weaknesses (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

  • [Requirements] Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
  • [Architecture and Design] Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

Published
July 6, 2026
Last Modified
July 6, 2026
First Seen
July 7, 2026

Related Vulnerabilities