Access Control Flaw in Coolify Tool by Coollabsio
CVE-2026-34050
6.5MEDIUM
What is CVE-2026-34050?
Coolify, an open-source management tool for servers and applications, has a vulnerability in the Settings/Updates Livewire component. Prior to version 4.0.0-beta.471, this component fails to validate user permissions correctly. As a result, non-administrative users can access the Updates settings page, which could allow them to modify auto-update configurations or initiate update checks without authorization. This vulnerability poses a risk to system integrity and should be addressed by upgrading to the latest version.
Affected Version(s)
coolify < 4.0.0-beta.471
