File Upload Vulnerability in Coolify Affects Server Management Tool
CVE-2026-42145

3.1LOW

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-42145?

Coolify, an open-source server management application, has a file upload vulnerability in its database backup restore feature before version 4.0.0-beta.474. This issue arises from the lack of validation on the file type and size during uploads, which permitted authenticated users to upload potentially harmful or excessively large files. Such actions could lead to service disruptions and overall degradation of system performance. Users are advised to upgrade to the fixed version to mitigate these risks and ensure the integrity of their server management operations.

Affected Version(s)

coolify < 4.0.0-beta.474

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.