CVE-2026-32718
Summary: Coolify prior to 4.0.0-beta.466 exposes a vulnerability where mutating API validation endpoints are protected only by read privileges, allowing read-scoped API tokens to perform state-changing actions (e.g., validating cloud tokens and servers). What’s affected: Coolify (self-hosted) wit...