A vulnerability classified as problematic was found in Coder up to 2.29.6/2.32.6/2.33.7/2.34.1. Affected by this issue is the function
UpsertWorkspaceApp/insertAgentApp of the component Workspace App Provisioner. The manipulation of the argument app ID results in improper authorization.
This vulnerability is known as CVE-2026-55429. It is possible to launch the attack remotely. No exploit is available.