Authorization Bypass in Coolify WebSocket Functionality
CVE-2026-34047
9.9CRITICAL
What is CVE-2026-34047?
Coolify, an open-source tool for server and application management, has a vulnerability affecting its terminal WebSocket bootstrap routes. This issue allows authenticated users to bypass authorization checks and access terminal functionalities for unauthorized resources, potentially enabling them to execute commands outside their designated scope. The flaw has been addressed in version 4.0.0-beta.471, and users are advised to update their installations promptly to mitigate the risk.
Affected Version(s)
coolify < 4.0.0-beta.471
