Improper Access Control in Coolify Affects Server and Project Management
CVE-2026-34592

7.7 HIGH

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
29 June 2026

What is CVE-2026-34592?

Coolify, an open-source tool for managing servers, applications, and databases, contains a significant vulnerability that allows authenticated users to access and manipulate servers and projects belonging to other teams. The issue arises because server and project lookups are inadequately scoped, so any authenticated user who supplies the ID of a server or project can gain unauthorized access to it, even when it belongs to another team. The vulnerability was fixed in version 4.0.0-beta.471, which enforces proper access controls to protect team-specific information. For detailed information, visit the advisory link.

Affected Version(s)

coolify < 4.0.0-beta.471

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved