Auth bypass in Coral-protocol Coral-server

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server wit…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.

Affected products

Coral-protocol Coral-server — versions < 1.1.0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-ccx7-7wv9-c55x (x_refsource_CONFIRM)
https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0 (x_refsource_MISC)