2 matches found
CVE-2026-34152 Coolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...
PT-2026-56135
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user can inject additional shell statements that execute on the remote server during deployment. This occurs because pre-deployment and post-deployment commands are...