CVE-2026-30969

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-30969
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30969.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30969
Aliases
  • GHSA-ccx7-7wv9-c55x
Published
2026-03-10T17:27:24.956Z
Modified
2026-04-02T13:24:00.753171Z
Severity
  • 7.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Coral Server has insufficient agent authentication in session communication channels
Details

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30969.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-639"
    ]
}
References

Affected packages

Git / github.com/Coral-Protocol/coral-server

Affected ranges

Type
GIT
Repo
https://github.com/Coral-Protocol/coral-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0c41f383fd9127d440012301b284f47e90a6da82
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/coral-protocol/coral-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0c41f383fd9127d440012301b284f47e90a6da82

Affected versions

Other
stabletutorial
v0
v1.*
v1.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30969.json"