8.6
Coral Server allows unauthorized message injection in sessions
CVE-2026-30968
Summary
Prior to Coral Server version 1.1.0, an attacker could potentially inject or intercept sensitive messages in sessions. This was due to a lack of proper verification of session participants. Update to Coral Server 1.1.0 to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| coralos | coral_server | <= 1.1.0 | – |
Original title
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Se...
Original description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.
NVD CVSS 4.0
8.6
Vulnerability type
CWE-862
Missing Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026