vulnerability in envbuilder project

While working on envbuilder project, I discovered a vulnerability [(CVE-2025-66411](https://vulert.com/vuln-db/CVE-2025-66411)) in the github.com/coder/coder/v2 package. The issue occurs because the Workspace Agent logs sensitive environment variables in plaintext without sanitization. Updating to the patched version and disabling agent logs temporarily mitigates the risk.

[CVE Link](https://vulert.com/vuln-db/CVE-2025-66411)
[CVE Report](https://vulert.com/vuln-scan/list/ba54e292-6b19-462d-b02d-77839d9a04f9)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vulnerability in envbuilder project #484

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

vulnerability in envbuilder project #484

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions