Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2023-26114

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

Published: Mar 23, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-26114
GHSA: GHSA-frjg-g767-7363
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

CWEs:

CWE-346
CWE-1385

Affected Software
References

Software	From	Fixed in
coder / code-server	-	4.10.1
code-server	-	4.10.1

https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7
https://github.com/coder/code-server/releases/tag/v4.10.1
https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo