PT-2026-56137 · Coolify · Coolify
Published
2026-07-07
·
Updated
2026-07-07
·
CVE-2026-42143
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Coolify versions prior to 4.0.0-beta.471
Description
Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters into persistent volume names. This occurs because these user-controlled names are interpolated into shell commands without proper escaping or validation when volume operations are triggered.
Recommendations
Update to version 4.0.0-beta.471.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coolify