CVE-2026-34153
CVE-2026-34153 affects Coolify before 4.0.0-beta.471, where LocalFileVolume::saveStorageOnServer builds shell commands from unescaped fs_path and parent_dir values prior to validation, and submitFileStorage does not validate the user-controlled file-mount path before creating a volume. An authent...