Local File Inclusion Vulnerability in Coolify Server Management Tool
CVE-2026-34153
8.8HIGH
What is CVE-2026-34153?
Coolify, an open-source server management tool, is susceptible to a Local File Inclusion vulnerability due to improper validation of user-controlled paths in the LocalFileVolume::saveStorageOnServer function. Authenticated users who can add file storage may exploit this weakness to execute arbitrary commands during the storage process. This risk underscores the necessity for robust input validation and secure coding practices. The issue has been addressed in version 4.0.0-beta.471.
Affected Version(s)
coolify < 4.0.0-beta.471
