Access Control Issues in Coolify by Coollabsio
CVE-2026-34044
7.7HIGH
What is CVE-2026-34044?
Coolify, an open-source and self-hostable management tool for servers, applications, and databases, contains an access control vulnerability in its Logs::mount() component. Before version 4.0.0-beta.466, the system did not properly scope UUID lookups to the current user’s team, enabling authenticated users to access logs belonging to other teams by providing a valid UUID. This flaw poses a significant risk as it could expose sensitive information across team boundaries. The issue has been addressed and patched in version 4.0.0-beta.466.
Affected Version(s)
coolify < 4.0.0-beta.466
