2 matches found
CVE-2026-42200
Coolify prior to 4.0.0-beta.474 is affected by a path traversal in the PostgreSQL initialization script handling (generate_init_scripts() in app/Actions/Database/StartPostgresql.php). An authenticated user could write files outside the intended directory during database initialization, enabling c...
PT-2026-53734
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description Multiple Livewire web UI components fail to validate team ownership when processing server id and destination uuid passed via URL query parameters. While API controllers correctly use the...