Auth bypass in Coral-protocol Coral-server
CVE-2026-30968
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a conn…
Vulnerability class: Broken Access Control
EPSS: 0.001 (20.3th percentile)
Affected products
- Coral-protocol Coral-server — versions < 1.1.0
Weakness classification (CWE)
References
- https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-2rj5-3pgm-xqw9 (x_refsource_CONFIRM)
- https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0 (x_refsource_MISC)