HomeCVE Intelligence › CVE-2026-44454
CVSS 8.1 HIGH Vulnerability

CVE-2026-44454: Coder vulnerable to workspace auto-creation via crafted URL parameters without user conse…

Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisi…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-44454
Vendorgo
Affected Productgithub.com/coder/coder/v2
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Command injection via dotfiles URI parameter combined with workspace auto-creation

Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfiles_uri value (for example, one containing shell command substitution such as $(...)) could achieve command execution in their own workspace. The Create Workspace page's mode=auto deep links amplified this into a one-click attack: an attacker could craft a URL that prefilled param.dotfiles_uri and silently provisioned a workspace with the attacker-controlled value, with no explicit user confirmation.

Details

Command injection in the dotfiles module (root cause) The [dotfiles module](https://github.com

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com","confidence_score":0.82,"first_seen":"2026-07-02","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-44454 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence