What is CVE-2023-26114?

CVE-2023-26114 is a high-severity vulnerability in Code-server, classified under CWE-1385. CVSS score: 8.2/10. Published 2023-03-23.

How severe is CVE-2023-26114?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Code-server

CVE-2023-26114

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-…

EPSS: 0.002 (39.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L/E:P.

Affected products

N/a Code-server — versions 0

Weakness classification (CWE)

CWE-1385

References

security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148
github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7
github.com/coder/code-server/releases/tag/v4.10.1

Frequently asked questions

What is CVE-2023-26114?: CVE-2023-26114 is a high-severity vulnerability in Code-server, classified under CWE-1385. CVSS score: 8.2/10. Published 2023-03-23.
How severe is CVE-2023-26114?: High severity. CVSS v3 base score is 8.2 out of 10.