Remote Code Execution Vulnerability in Coolify by Coollabs
CVE-2026-34149
3.3LOW
What is CVE-2026-34149?
Coolify, an open-source and self-hostable management tool for servers and applications, is susceptible to a remote code execution flaw due to insufficient escaping of user-controlled database credentials and MongoDB collection names in backup shell commands. This vulnerability is particularly concerning for authenticated users who have database management permissions, as it could allow them to execute arbitrary commands on the managed servers. The issue has been rectified in version 4.0.0-beta.471, emphasizing the need for users to update their installations promptly.
Affected Version(s)
coolify < 4.0.0-beta.471
