CVE-2026-27957
CVE-2026-27957 affects Coolify prior to 4.0.0-beta.464, where an authenticated command injection vulnerability in the CA Certificate management feature lets any authenticated user run arbitrary commands as the configured SSH user on the managed host. This typically enables full compromise of the managed server...
CVE-2026-27955
Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...
CVE-2026-27883
Coolify vulnerability CVE-2026-27883 is an intra-organization information disclosure (IDOR) affecting deployments details via GET /api/v1/deployments/{uuid}. Before 4.0.0-beta.464, an authenticated user could access deployment data for any team because the token-provided teamId was not used to sc...
CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...