Command Injection Vulnerability in Coolify by CoolLabs
CVE-2026-34058

8.8HIGH

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-34058?

The vulnerability in Coolify, an open-source management tool, arises from the Livewire component Server\Resources which improperly handles a container ID parameter sourced directly from the browser. This allows authenticated users to execute arbitrary commands on remote servers through SSH, posing a significant security risk. The flaw has been addressed in version 4.0.0-beta.471, which implemented proper sanitization of user inputs to prevent such exploits. Users are urged to update promptly to safeguard their systems.

Affected Version(s)

coolify < 4.0.0-beta.471

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.