248 matches found
CVE-2025-59156
CVE-2025-59156 affects Coolify prior to version 4.0.0-beta.420.7, where a remote command injection flaw in the application deployment workflow allows a low-privileged user to inject arbitrary Docker Compose directives. By defining a malicious service that mounts the host filesystem, an attacker c...
PT-2026-1327
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to and including 4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. In affected versions, users with limited privileges can view the private key belonging to the...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.420.8 and earlier versions, which stems from an information leak in the API endpoint that could lead to unauthorized email address changes...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.420.6 and prior versions, which stems from the presence of stored cross-site scripting in the project creation process that could lead to t...
Coolify OS Command Injection Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from improperly sanitized Git Repository field inputs that could lead to comma...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to view the root user's private key, potentially leading to SSH...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to use an invitation link sent to an administrator, potentially...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a command injection in the resource git source input field, which could lead to the execution of...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to invite a high-privileged user, potentially resulting in...
PT-2026-1336
Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including 4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. An attacker can initiate a password reset for a victim and modify the host header of the request...
PT-2026-1315
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to and including 4.0.0-beta.420.8. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. The /api/v1/teams/team id/members and /api/v1/teams/current/members API endpoints allow...
Coolify Command Injection Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.445, which stems from improper sanitization of the docker-compose.yaml parameter, which could lead to command executio...
Coolify Security Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and prior versions, which stems from a modifiable host header in the password reset request and could lead to account takeover...
PT-2026-1332
Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including 4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A low privileged user member can view and utilize invitation links intended for administrators. ...
Coolify OS Command Injection Vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from an application deployment process that can inject arbitrary Docker...
PT-2026-1326
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.445. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...
PT-2026-1331
Name of the Vulnerable Software and Affected Versions: Coolify versions 4.0.0-beta.434 and later. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A rate limit on the /login endpoint can be bypassed by rotating the X-Forwarded-For header. This allows...
PT-2026-1335
Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including v4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection exists in the git source input fields of a resource, potentially allowing a...
PT-2026-1314
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.420.7. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A stored cross-site scripting (XSS) issue exists in the project creation workflow. An authenticated user wi...
PT-2026-1313
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.420.7. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. Versions of Coolify before 4.0.0-beta.420.7 contain a command injection flaw in the Git Repository field...