Improper Authentication Vulnerability in Coolify Server Management Tool
CVE-2026-34171
8HIGH
What is CVE-2026-34171?
Coolify, an open-source platform for managing servers and applications, has a vulnerability in its invitation system. Prior to version 4.0.0-beta.471, the GET /invitations/{uuid} endpoint was susceptible to unauthorized password resets. Attackers could exploit this flaw by crafting a specific invitation link that, when accessed by a victim, could lead to resetting their account password to a predictable value. This vulnerability has been addressed in the latest version, ensuring that users are safeguarded against such attacks.
Affected Version(s)
coolify < 4.0.0-beta.471
