Missing Authorization Vulnerability in Coollabsio Coolify Application
CVE-2026-15507
Key Information:
- Vendor
Coollabsio
- Status
- Vendor
- CVE Published:
- 12 July 2026
Badges
What is CVE-2026-15507?
A vulnerability has been identified in the Coollabsio Coolify application, where an unknown function within the /app/Policies/ directory of the Policy Handler component lacks proper authorization checks. This oversight allows for the potential exploitation by unauthorized users, enabling them to manipulate the application remotely. The exploit details have been made public, making it crucial for users to assess their security posture to mitigate any risks associated with this vulnerability.
Affected Version(s)
Coolify 4.1.0
Coolify 4.1.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
