Command Injection Vulnerability in Coolify by CoolLabs
CVE-2026-34058
8.8HIGH
What is CVE-2026-34058?
The vulnerability in Coolify, an open-source management tool, arises from the Livewire component Server\Resources which improperly handles a container ID parameter sourced directly from the browser. This allows authenticated users to execute arbitrary commands on remote servers through SSH, posing a significant security risk. The flaw has been addressed in version 4.0.0-beta.471, which implemented proper sanitization of user inputs to prevent such exploits. Users are urged to update promptly to safeguard their systems.
Affected Version(s)
coolify < 4.0.0-beta.471
