Cyber Posture

CVE-2026-30970

Critical

Published: 10 March 2026
Modified: 13 March 2026
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0011 (28.3th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.

Mitigating Controls (NIST 800-53 r5, AI-generated)

AC-3 (prevent): enforces approved authorizations for access to system resources, directly mitigating unauthorized session creation via the /api/v1/sessions endpoint.

AC-14 (prevent): explicitly authorizes and limits actions performable without identification or authentication, ensuring resource-intensive session creation requires authentication.

SC-14 (prevent): controls access to publicly accessible systems like the Coral Server API endpoint with established terms and conditions, preventing unauthenticated resource consumption.

Security Summary (AI-generated)

CVE-2026-30970 affects Coral Server, an open collaboration infrastructure for communication, coordination, trust, and payments in The Internet of Agents. In versions prior to 1.1.0, the /api/v1/sessions endpoint permits the creation of agent sessions without strong authentication. This endpoint executes resource-intensive operations, such as container spawning and memory context creation, enabling unauthorized resource consumption. The vulnerability is classified under CWE-862 (Missing Authorization) with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

Any network-accessible attacker can exploit this vulnerability without privileges, authentication, or user interaction by repeatedly invoking the /api/v1/sessions endpoint. Successful exploitation allows creation of unauthorized agent sessions, leading to high integrity impacts through improper session management and high availability impacts via resource exhaustion from container and memory operations.

The vulnerability is addressed in Coral Server version 1.1.0, as detailed in the project's release notes and GitHub security advisory (GHSA-wqfm-hhqf-9hgp). Security practitioners should upgrade to 1.1.0 or later and review access controls on exposed API endpoints to prevent unauthorized session creation.

Details

CWE(s)

CWE-862 Missing Authorization

Affected Products

coralos coral server ≤ 1.1.0

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

T1499.003 Application Exhaustion Flood (Impact)
Adversaries may target resource-intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Why these techniques?

The vulnerability allows unauthenticated remote exploitation of a public-facing API endpoint (T1190) to spawn resource-intensive containers and memory contexts, enabling endpoint DoS via application exhaustion flood (T1499.003) or application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
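A defender-side check for the pattern described in the security summary and the ATT&CK mapping above, added here as an example and not code from Coral Server or from Cyber Posture. It scans a constructed access log (the line layout and the `auth=` field are assumptions, not Coral Server's real log format) for credential-less session creations on /api/v1/sessions and flags any client whose creations within a 60-second sliding window reach a threshold, the signature of an application exhaustion flood (T1499.003) against this endpoint.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (hypothetical "ts client method path status auth" layout,
# not Coral Server's real log format). "auth=-" marks a request that carried no credential.
SAMPLE_LOG = """\
2026-03-11T09:00:01Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
2026-03-11T09:00:02Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
2026-03-11T09:00:02Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
2026-03-11T09:00:03Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
2026-03-11T09:00:04Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
2026-03-11T09:00:30Z 198.51.100.7 POST /api/v1/sessions 201 auth=bearer
2026-03-11T09:01:10Z 192.0.2.9 GET /api/v1/sessions 200 auth=-
2026-03-11T09:05:00Z 203.0.113.5 POST /api/v1/sessions 201 auth=-
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3}) auth=(\S+)$")

def unauthenticated_session_creates(log_text):
    """(timestamp, client) of every successful POST /api/v1/sessions made without a credential."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, path, status, auth = m.groups()
        if method == "POST" and path == "/api/v1/sessions" and status[0] == "2" and auth == "-":
            hits.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client))
    return hits

def flag_bursts(hits, window=timedelta(seconds=60), threshold=5):
    """Clients whose unauthenticated creations reach `threshold` inside any sliding `window`.
    A single client spawning sessions at this rate is the exhaustion-flood pattern (T1499.003),
    since each creation spawns a container and a memory context. Returns {client: peak count}."""
    by_client = defaultdict(list)
    for ts, client in hits:
        by_client[client].append(ts)
    flagged = {}
    for client, times in by_client.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged
```

On the sample log this flags 203.0.113.5 (five credential-less creations within four seconds) and ignores the authenticated creation and the GET; on a patched 1.1.0 deployment the first filter should return nothing at all, which makes any hit worth investigating.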

References