S3 Storage Endpoint Validation Flaw in Coolify by Coollabs
CVE-2026-42147
4.9MEDIUM
What is CVE-2026-42147?
Coolify, an open-source tool for managing servers and applications, contains a security flaw in its S3 storage endpoint validation prior to version 4.0.0-beta.474. This vulnerability allows authenticated users with storage management permissions to manipulate server-side requests, exposing the potential for requests to be made to internal services or metadata endpoints, which can lead to unauthorized information disclosure. The issue has been addressed in the latest version, enhancing security for users relying on S3 integrations.
Affected Version(s)
coolify < 4.0.0-beta.474
