Remote Code Execution Vulnerability in Coolify by Coollabs
CVE-2026-59734

8.8HIGH

Key Information:

Vendor

Coollabsio

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59734?

Coolify, an open-source tool designed for managing servers, applications, and databases, had an issue in its ApplicationDeploymentJob.php file prior to version 4.0.0-beta.469. The vulnerable generate_healthcheck_commands() function improperly handled user-provided parameters, allowing authenticated users to inject arbitrary commands into shell execution. This flaw compromises the integrity of deployment containers by enabling unauthorized access. The vulnerability has been addressed in the subsequent update, reinforcing the importance of keeping software versions up to date.

Affected Version(s)

coolify < 4.0.0-beta.469

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.