Summary
AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost.
Impact
An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user data, specifically local message history, which could've included secret keys, file system contents, and intellectual property the user was working on locally.
Remediation
We've implemented an Origin and Host header validating middleware and set a secure by default configuration. Please upgrade to version 0.4.0 or later.
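
One way to write such a middleware in Go, as an added example that is not AgentAPI's own code; the allowlist contents, the function names and the rebind.example host are assumptions made for illustration. It relies on the fact that after a DNS rebind the browser still sends the attacker-controlled name in the Host header, so a loopback-only server can refuse any name it does not recognise.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

var allowedHosts = map[string]bool{"localhost": true, "127.0.0.1": true, "::1": true} // assumed allowlist

// allowedHost strips any port and IPv6 brackets before the allowlist lookup.
func allowedHost(hostport string) bool {
	return allowedHosts[strings.ToLower((&url.URL{Host: hostport}).Hostname())]
}

// requestAllowed checks Host on every request and Origin whenever one is sent.
func requestAllowed(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" { // non-browser clients normally send no Origin
		return allowedHost(r.Host)
	}
	u, err := url.Parse(origin)
	return err == nil && allowedHost(r.Host) && allowedHost(u.Host)
}

// ValidateHostOrigin answers 403 before the wrapped handler can run.
func ValidateHostOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !requestAllowed(r) {
			http.Error(w, "forbidden host or origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed GET /messages through the middleware.
func statusFor(host, origin string) int {
	req := httptest.NewRequest("GET", "http://"+host+"/messages", nil)
	req.Header.Set("Origin", origin) // an empty value reads back as "no Origin"
	rec := httptest.NewRecorder()
	ValidateHostOrigin(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("localhost:8080", ""), statusFor("rebind.example", ""), statusFor("localhost", "http://rebind.example"))
}
```

An Origin of "null" has no host component, so this check rejects it as well.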
Credits
We'd like to thank Evan Harris from mcpsec.dev for reporting this issue and following the coordinated disclosure policy.
Reference
https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration/
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding/