Remote Code Execution Vulnerability in Coolify by Coollabs
CVE-2026-34170
4.3MEDIUM
What is CVE-2026-34170?
Coolify, an open-source management tool for servers, applications, and databases, is vulnerable due to the misconfiguration of the GithubApp api_url field. This lack of allowlisting and private IP blocking enables authenticated users to manipulate server-side HTTP requests, potentially leading to the compromise of internal services or exposure of sensitive cloud metadata endpoints. The vulnerability is addressed in version 4.0.0-beta.471.
Affected Version(s)
coolify < 4.0.0-beta.471
