PT-2026-56137 · Coolify · Coolify

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-42143

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471
Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters into persistent volume names. This occurs because these user-controlled names are interpolated into shell commands without proper escaping or validation when volume operations are triggered.
Recommendations Update to version 4.0.0-beta.471.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42143

Affected Products

Coolify