2 matches found
CVE-2026-34047
CVE-2026-34047 affects Coolify prior to 4.0.0-beta.471. The flaw is in terminal WebSocket bootstrap routes where authorization middleware was not enforced, allowing an authenticated user to access terminal functionality for resources outside the authorized scope and potentially execute commands. ...
PT-2026-45491
Summary Vitest browser mode served / vitest test / with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vite...