Access Control Flaw in Coolify Tool by Coollabsio
CVE-2026-34050

6.5MEDIUM

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-34050?

Coolify, an open-source management tool for servers and applications, has a vulnerability in the Settings/Updates Livewire component. Prior to version 4.0.0-beta.471, this component fails to validate user permissions correctly. As a result, non-administrative users can access the Updates settings page, which could allow them to modify auto-update configurations or initiate update checks without authorization. This vulnerability poses a risk to system integrity and should be addressed by upgrading to the latest version.

Affected Version(s)

coolify < 4.0.0-beta.471

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.