S3 Storage Endpoint Validation Flaw in Coolify by Coollabs
CVE-2026-42147

4.9MEDIUM

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-42147?

Coolify, an open-source tool for managing servers and applications, contains a security flaw in its S3 storage endpoint validation prior to version 4.0.0-beta.474. This vulnerability allows authenticated users with storage management permissions to manipulate server-side requests, exposing the potential for requests to be made to internal services or metadata endpoints, which can lead to unauthorized information disclosure. The issue has been addressed in the latest version, enhancing security for users relying on S3 integrations.

Affected Version(s)

coolify < 4.0.0-beta.474

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.