PT-2026-56126 · Coolify · Coolify
Published
2026-07-07
·
Updated
2026-07-07
·
CVE-2026-34034
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Coolify versions prior to 4.0.0-beta.466
Description
An authenticated user with access to server Sentinel settings can execute commands on the host when Sentinel is restarted. This occurs because the
sentinel token setting is used in shell commands without sufficient validation, allowing for the injection of shell syntax.Recommendations
Update to version 4.0.0-beta.466.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coolify