Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.6
Coral Server: Unsecured Sessions Allow Impersonation
CVE-2026-30969
Summary
An attacker could assume another user's identity or join a private conversation by exploiting a weakness in how Coral Server validates user sessions. This is a concern for users who rely on the security of their conversations and financial transactions. To fix this, update to version 1.1.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| coralos | coral_server | <= 1.1.0 | – |
Original title
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authen...
Original description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.
nvd CVSS4.0
7.6
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026