Cyber Resilience

CVE-2026-30968

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0034 26.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30968 is a high-severity Missing Authorization (CWE-862) vulnerability in Coralos Coral Server. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2026-30968 is a vulnerability in Coral Server, an open collaboration infrastructure that enables communication, coordination, trust, and payments for The Internet of Agents. In versions prior to 1.1.0, the SSE endpoint (/sse/v1/...) failed to strongly validate that a connecting agent was a legitimate participant in the session, as mapped to CWE-862 (Missing Authorization). The issue carries a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impacts on confidentiality, integrity, and availability.

Attackers require no privileges, authentication, or user interaction to exploit this over the network with low complexity. Successful exploitation could theoretically enable unauthorized message injection into sessions or observation of session traffic, potentially compromising the integrity and privacy of agent communications.

The vulnerability is addressed in Coral Server version 1.1.0. Security practitioners should upgrade to this release for mitigation. Additional details are available in the GitHub security advisory at https://github.com/Coral-Protocol/coral-server/security/advisories/GHSA-2rj5-3pgm-xqw9 and the release notes at https://github.com/Coral-Protocol/coral-server/releases/tag/v1.1.0.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant…

more

in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authorization (CWE-862) on the network-accessible SSE endpoint directly enables remote exploitation of a public-facing application without authentication, matching T1190 for initial access via the described unauthorized session injection or traffic observation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30970Same product: Coralos Coral Server
CVE-2026-30969Same product: Coralos Coral Server
CVE-2025-69311Shared CWE-862
CVE-2026-3266Shared CWE-862
CVE-2026-45438Shared CWE-862
CVE-2025-23477Shared CWE-862
CVE-2025-68834Shared CWE-862
CVE-2026-22663Shared CWE-862
CVE-2024-12544Shared CWE-862
CVE-2024-50967Shared CWE-862

Affected Assets

coralos
coral server
≤ 1.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires enforcement of approved authorizations for access to the SSE endpoint, addressing the missing validation of legitimate session participants.

prevent

Mandates verification of each communication session and rejection of unverifiable ones, preventing unauthorized connections to the SSE endpoint.

prevent

Enforces least privilege to restrict actions of connecting agents to only those necessary for legitimate session participation, mitigating unauthorized injection or observation.

References