CVE-2026-30969

CRITICAL

Coral Server <1.1.0 - Auth Bypass

Title source: llm

Description

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.

References (2)

[Vendor Advisory] https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-ccx7-7wv9-c55x

[Release Notes] https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0

Scores

CVSS v3 9.1

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-639

Status published

Products (1)

coralos/coral_server < 1.1.0

Published Mar 10, 2026

Tracked Since Mar 11, 2026