Command Injection Vulnerability in Coolify by Coollabs.io
CVE-2026-34057
8.8HIGH
What is CVE-2026-34057?
Coolify, a self-hostable tool for server management, is susceptible to a command injection vulnerability prior to version 4.0.0-beta.471. This flaw exists within the database import Livewire component, where it permits user-controlled input to access shell commands without adequate locking or validation mechanisms in place. An authenticated user could exploit this weakness by injecting arbitrary commands through the database import container name, potentially compromising the server environment. Users are advised to upgrade to the patched version to secure their systems.
Affected Version(s)
coolify < 4.0.0-beta.471
