71 matches found
CVE-2026-54602 FastGPT: Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
CVE-2026-54602
CVE-2026-54602 — FastGPT : A cross-team information disclosure via GET /api/core/ai/record/getRecord existed prior to version 4.15.0. The endpoint authenticated users but loaded LLM request/response traces by requestId without team scoping, allowing any authenticated user to read another team’s p...
CVE-2026-54602
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
CVE-2026-54602 FastGPT: Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
CVE-2026-55418
Summary: CVE-2026-55418 affects FastGPT prior to v4.15.0-beta5, where two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request. The key’s association with the caller’s team is not validated, allowing cross-team file d...
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34044
The CVE-2026-34044 issue affects Coolify prior to 4.0.0-beta.466 where Logs::mount() looks up resources by UUID without limiting to the current team. This enables an authenticated user to read logs for applications owned by other teams by supplying a victim resource UUID, constituting a cross‑tea...
CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
PT-2026-56129
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.466 Description An authenticated user can access logs of applications belonging to other teams. This occurs because the Logs::mount function retrieves resources using a UUID without verifying if the resourc...
CVE-2026-34167
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
CVE-2026-27956
Affected product: Coolify (open-source self-hostable tool). Vulnerability: Cross-team domain enumeration via the endpoint GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid} allows any authenticated API user to enumerate FQDNs of applications belonging to other teams. Root cause (as stated)...
CVE-2026-27883
Coolify vulnerability CVE-2026-27883 is an intra-organization information disclosure (IDOR) affecting deployments details via GET /api/v1/deployments/{uuid}. Before 4.0.0-beta.464, an authenticated user could access deployment data for any team because the token-provided teamId was not used to sc...
CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...
CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...
CVE-2026-27881
CVE-2026-27881 (Coolify) arises from a missing ownership check in GET /api/v1/deployments/{uuid} within DeployController.php, allowing any authenticated API user to read deployment records from other teams. The issue precedes version 4.0.0-beta.464 and is resolved in 4.0.0-beta.464. Affected comp...
CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...