5 matches found
CVE-2026-34168
CVE-2026-34168 affects Coolify prior to 4.0.0-beta.471. The vulnerability arises from the LocalPersistentVolume.name field being interpolated directly into docker volume commands without shell-escaping, enabling an authenticated user to inject and execute commands on managed servers when the reso...
CVE-2026-34049
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...
CVE-2026-34594
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...
CVE-2026-34594
CVE-2026-34594 — Coolify Affected product: Coolify (open-source self-hosted platform for managing servers, apps, and databases). Vulnerability: In the Destination Network Management functionality, the network parameter is passed directly to shell commands without proper sanitization. This authent...
PT-2026-53737
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection issue exists in the Destination Network Management functionality. Users with destination management permissions can execute arbitrary commands as root on...