Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2026-5908" }
"https://vuln.go.dev/ID/GO-2026-5908.json"