8.8

Coral Server: Unauthenticated Agent Session Creation

CVE-2026-30970
Summary

Before Coral Server 1.1.0, agent sessions could be created through the /api/v1/sessions endpoint without strong authentication. Session creation is resource-intensive (it spawns containers and creates memory contexts), so an attacker who can reach the endpoint could create sessions or exhaust system resources without authorization. Update to version 1.1.0 to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
coralos | coral_server | <= 1.1.0 | –
Original title
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent...
Original description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.
nvd CVSS4.0 8.8
Vulnerability type
CWE-862 Missing Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026