PT-2026-53893 · Coolify · Coolify
Published: 2026-06-30 · Updated: 2026-06-30
CVE-2026-27957
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Coolify versions prior to 4.0.0-beta.464
Description
An authenticated command injection issue exists in the CA Certificate management feature. This allows an authenticated user to execute arbitrary commands as the configured SSH user on the managed server host. Since the SSH user typically requires root privileges or membership in the docker group for the software to function, this can lead to a complete compromise of the managed server and its associated docker containers.
Recommendations
Update to version 4.0.0-beta.464.
Exploit
Fix
OS Command Injection
Affected Products
Coolify