PT-2026-56126 · Coolify · Coolify

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-34034

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.466
Description An authenticated user with access to server Sentinel settings can execute commands on the host when Sentinel is restarted. This occurs because the sentinel token setting is used in shell commands without sufficient validation, allowing for the injection of shell syntax.
Recommendations Update to version 4.0.0-beta.466.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-34034

Affected Products

Coolify