Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

Coral Server has insufficient validation of agent identity for SSE connections

CVE-2026-30968

Description

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.

Affected products

Coral Protocol/Coral Serverv5
Range: < 1.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0mitrex_refsource_MISC
github.com/Coral-Protocol/coral-server/security/advisories/GHSA-2rj5-3pgm-xqw9mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000