CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...