Input Validation Flaw in Coolify Affects Docker Deployment Security
CVE-2026-42201
3.3LOW
What is CVE-2026-42201?
Coolify, an open-source server management tool, suffers from an input validation flaw affecting several database credential fields. In versions prior to 4.0.0-beta.474, these fields were validated only as strings without robust shell-safety checks at the API layer, creating a security vulnerability. Consequently, user-supplied credentials were directly interpolated into a Docker Compose YAML command without proper escaping, potentially allowing for command injection risks. The issue has been addressed in the specified version.
Affected Version(s)
coolify < 4.0.0-beta.474
