CVE-2026-55079 | Coder up to 2.29.16/2.32.6/2.33.7/2.34.1 Data Upload dataupload.go NewDataBuilder FileSize unrestricted upload

SecurityVulns

A vulnerability marked as critical has been reported in Coder up to 2.29.16/2.32.6/2.33.7/2.34.1. This impacts the function NewDataBuilder of the file provisionersdk/proto/dataupload.go of the component Data Upload Handler. Performing a manipulation of the argument FileSize results in unrestricted upload.

This vulnerability is reported as CVE-2026-55079. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More