Coral Server Unauthorized Message Injection or Observation Vulnerability via Weak SSE Endpoint Validation

Vulnerability

A vulnerability exists in Coral Server versions prior to 1.1.0: the Server-Sent Events (SSE) endpoint does not adequately verify the legitimacy of connecting agents in a session. This flaw could enable unauthorized injection or observation of messages.

Impact

Exploitation of this vulnerability could lead to unauthorized message injection or observation on the affected SSE endpoint.

Remediation

Users can upgrade to Coral Server version 1.1.0 or later, where this vulnerability has been addressed.

Added: Mar 10, 2026, 6:45 PM
Updated: Mar 10, 2026, 6:45 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.