PT-2026-56138 · Coolify · Coolify

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-42145

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474
Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, which allows an authenticated user to upload oversized or unexpected files, potentially impacting service availability.
Recommendations Update to version 4.0.0-beta.474.

Fix

Allocation of Resources Without Limits

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42145

Affected Products

Coolify