TL;DR: A flaw in Coder tracked as CVE-2026-46354 lets an unauthenticated attacker forge a PKCS#7 envelope, obtain a workspace agent session token, and potentially steal Git SSH keys and OAuth credentials from Azure-backed development workspaces, according to Orca Security. The issue shows how trust in instance identity turns into secret-exposure risk when signature verification is incomplete.
NHIMG editorial — based on content published by Orca Security: the Coder vulnerability affecting Azure instance identity authentication and workspace agent secrets
By the numbers:
- CVE-2026-46354 carries a CVSS score of 9.1.
- Affected versions: v2.33.0-rc.0 through v2.33.2, v2.32.0-rc.0 through v2.32.1, v2.31.0 through v2.31.11, v2.30.0 through v2.30.7, v2.29.0 through v2.29.12, and all versions prior to v2.24.5.
Questions worth separating out
Q: What breaks when a workspace identity flow accepts forged identity data?
A: The trust boundary collapses before authentication ever occurs.
Q: Why do developer workspaces create supply-chain risk when identity is misvalidated?
A: Because workspace identities often bridge into Git repositories, OAuth-connected services, and CI/CD systems.
Q: How can security teams know whether workspace agent tokens are being over-trusted?
A: Look for token issuance paths that are not tied to strong proof of origin, and then test whether those tokens can reach secrets, repositories, or pipelines without additional checks.
Practitioner guidance
- Disable Azure instance identity authentication where it is not essential. Remove the unauthenticated trust path from Coder deployments until patched versions are in place, and confirm that the configuration change is applied consistently across all environments.
- Patch every affected Coder version immediately. Move to the fixed releases listed by the vendor, then inventory any downstream workspaces that may still be running versions older than v2.24.5 or within the affected release bands.
- Treat workspace agent tokens as high-risk credentials. Log issuance, correlate it with runtime reachability, and alert on unusual token creation from internet-facing or unexpected workspace identities before repository access is exercised.
What's in the full article
Orca Security's full article covers the operational detail this post intentionally leaves for the source:
- Affected Coder version ranges and the exact patched releases organisations should target
- Step-by-step exploit mechanics for the forged PKCS#7 envelope and vmId prerequisite
- Temporary workaround guidance for disabling Azure instance identity authentication
- Exposure context for internet-facing deployments and why reachability changes priority
👉 Read Orca Security's analysis of the Coder PKCS#7 bypass and Azure workspace identity flaw →
Coder Azure instance identity bypass: what IAM teams need to know
Explore further
Instance identity is only safe when the entire cryptographic object is verified. This flaw shows that checking certificate lineage (that the embedded certificate chains to the expected issuer) without verifying the envelope's signature over the signed content leaves a false sense of assurance. The control failed at the trust boundary, not at privilege management: the security model trusted metadata instead of proof. Practitioners should read this as a verification failure, not a configuration mistake.
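The verification gap described above, as an added example that is neither Coder's code nor Orca's proof of concept: it models the PKCS#7 envelope as a struct holding the signed content, the signer's DER certificate and a detached ECDSA signature (Go's standard library has no PKCS#7 parser, so this is a stand-in for SignedData). The root CA, signer certificate, attacker key and vmId values are all generated or constructed inside the block. VerifyLineageOnly reproduces the failure pattern, checking only that the embedded certificate chains to the trusted root; VerifyFull also checks the signature over the content with that certificate's key. Because the certificate is public material, an attacker who copies it onto a payload carrying a chosen vmId passes the lineage-only check but not the full one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Envelope is a simplified stand-in for PKCS#7 SignedData: the signed content, the
// signer's certificate (DER) and a detached ECDSA signature over the content.
type Envelope struct {
	Payload   []byte
	CertDER   []byte
	Signature []byte
}

// Constructed sample identifiers; these are not real Azure VM IDs.
const (
	GenuineVMID = "11111111-1111-1111-1111-111111111111"
	ForgedVMID  = "22222222-2222-2222-2222-222222222222"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// vmIDFrom extracts the field a server would act on from the signed content.
func vmIDFrom(payload []byte) (string, error) {
	var doc struct{ VMID string `json:"vmId"` }
	err := json.Unmarshal(payload, &doc)
	return doc.VMID, err
}

// chainsToRoot is the "lineage" check: it proves the embedded certificate was issued
// under the trusted root, not that the certificate's key signed this payload.
func chainsToRoot(e Envelope, root *x509.Certificate) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(e.CertDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return cert, err
}

// VerifyLineageOnly is the flawed pattern: the payload is trusted as soon as the embedded
// certificate chains to the root. The signature is never checked, so anyone holding a copy
// of the (public) certificate can attach it to any payload.
func VerifyLineageOnly(e Envelope, root *x509.Certificate) (string, error) {
	if _, err := chainsToRoot(e, root); err != nil {
		return "", err
	}
	return vmIDFrom(e.Payload)
}

// VerifyFull is the corrected pattern: lineage check plus signature verification with the
// certificate's public key, which binds the payload to the holder of the private key.
func VerifyFull(e Envelope, root *x509.Certificate) (string, error) {
	cert, err := chainsToRoot(e, root)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(e.Payload)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], e.Signature) {
		return "", errors.New("payload signature does not verify against the embedded certificate")
	}
	return vmIDFrom(e.Payload)
}

// BuildScenario creates a throwaway root CA, a signer certificate issued by it, a genuine
// envelope signed with the signer's key, and a forged envelope that reuses the signer's
// public certificate but carries an attacker-chosen vmId signed with the attacker's own key.
func BuildScenario() (root *x509.Certificate, genuine, forged Envelope) {
	now := time.Now()
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Attestation Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey))))

	signerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	signerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "metadata.example"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	signerDER := must(x509.CreateCertificate(rand.Reader, signerTmpl, root, &signerKey.PublicKey, rootKey))

	sign := func(key *ecdsa.PrivateKey, payload []byte) []byte {
		d := sha256.Sum256(payload)
		return must(ecdsa.SignASN1(rand.Reader, key, d[:]))
	}
	genuinePayload := []byte(`{"vmId":"` + GenuineVMID + `"}`)
	genuine = Envelope{Payload: genuinePayload, CertDER: signerDER, Signature: sign(signerKey, genuinePayload)}

	// The attacker never sees signerKey; the certificate alone is public material.
	attackerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	forgedPayload := []byte(`{"vmId":"` + ForgedVMID + `"}`)
	forged = Envelope{Payload: forgedPayload, CertDER: signerDER, Signature: sign(attackerKey, forgedPayload)}
	return root, genuine, forged
}

func main() {
	root, genuine, forged := BuildScenario()
	for name, e := range map[string]Envelope{"genuine": genuine, "forged": forged} {
		id1, err1 := VerifyLineageOnly(e, root)
		id2, err2 := VerifyFull(e, root)
		fmt.Printf("%-7s lineage-only: %q %v | full: %q %v\n", name, id1, err1, id2, err2)
	}
}
```

Running it shows the forged envelope yielding the attacker's vmId from VerifyLineageOnly while VerifyFull rejects it; the genuine envelope passes both. The design point is that a chain check answers "is this certificate real", not "did its key sign this content", and only the second question binds the envelope to the machine that produced it.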
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when an unauthenticated workspace identity flaw exposes secrets?
A: Accountability sits with the platform owner first, then with the teams responsible for identity validation, secret access, and downstream integration governance. In regulated or audited environments, the control failure also belongs in incident reporting because it can affect source code, credentials, and operational resilience.
👉 Read our full editorial: Coder PKCS#7 bypass exposes workspace agent secrets on Azure