Path Traversal Vulnerability in Coolify Tool from Coollabsio
CVE-2026-42200
8.8HIGH
What is CVE-2026-42200?
Coolify, an open-source self-hosted application management tool, suffered from a path traversal vulnerability that permitted authenticated users to manipulate file paths during PostgreSQL initialization. This flaw, stemming from inadequate restrictions in the filename handling of the generate_init_scripts() method, allowed users to write files beyond the designated directory, leading to potential command execution risks. This critical issue was promptly addressed in version 4.0.0-beta.474, ensuring that security measures are enhanced for safe operation.
Affected Version(s)
coolify < 4.0.0-beta.474
