Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-30970

Session authentication bypass in Coral Server session creation endpoint
Back to all
CVE

CVE-2026-30970

Session authentication bypass in Coral Server session creation endpoint

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.8
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
-

Related Resources

No items found.

References

https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0, https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30970.json, https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-wqfm-hhqf-9hgp, https://nvd.nist.gov/vuln/detail/CVE-2026-30970

Severity

0

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
0
EPSS Probability
0.00113%
EPSS Percentile
0.29315%
Introduced Version
0
Fix Available
0c41f383fd9127d440012301b284f47e90a6da82

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading