Auth bypass in Coral-protocol Coral-server
CVE-2026-30970
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions end…
Vulnerability class: Broken Access Control
EPSS: 0.001 (29.4th percentile)
Affected products
- Coral-protocol Coral-server — versions < 1.1.0
Weakness classification (CWE)
References
- https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-wqfm-hhqf-9hgp (x_refsource_CONFIRM)
- https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0 (x_refsource_MISC)