PT-2026-56138 · Coolify · Coolify
Published
2026-07-07
·
Updated
2026-07-07
·
CVE-2026-42145
CVSS v3.1
3.1
Low
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Coolify versions prior to 4.0.0-beta.474
Description
An issue exists in the file upload endpoint
app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, which allows an authenticated user to upload oversized or unexpected files, potentially impacting service availability.Recommendations
Update to version 4.0.0-beta.474.
Fix
Allocation of Resources Without Limits
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Coolify