Vulnerability Database
296,662
Total vulnerabilities in the database
CVE-2025-59956
Summary
AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost.
Impact
An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user data, specifically local message history, which could've included secret keys, file system contents, and intellectual property the user was working on locally.
Remediation
We've implemented an Origin and Host header validating middleware and set a secure by default configuration.
Please upgrade to version 0.4.0 or later.
Credits
We'd like to thank Evan Harris from mcpsec.dev for reporting this issue and following the coordinated disclosure policy.
| Software | From | Fixed in |
|---|---|---|
github.com/coder/agentapi
|
- | 0.4.0 |
- https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding
- https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
- https://github.com/coder/agentapi/pull/49
- https://github.com/coder/agentapi/releases/tag/v0.4.0
- https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4
- https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime