Impact
An authenticated command injection flaw exists in Coolify’s Destination Network Management feature. By supplying a crafted "network" parameter, an attacker can run arbitrary shell commands as the root user on all servers managed by Coolify. This represents a severe compromise of confidentiality, integrity, and availability for any host under the tool’s control, as the vulnerability is not limited to the web application itself but extends to the underlying operating systems.
Affected Systems
The affected product is Coolify from coollabsio. Versions earlier than 4.0.0-beta.471 are vulnerable. Users who possess destination management permissions in these releases are able to exploit the flaw.
Risk and Exploitability
The CVSS score of 8.8 classifies the vulnerability as High severity. An EPSS score of 1% indicates a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalogue of known exploited vulnerabilities, but neither fact diminishes the risk: the only precondition is an authenticated account holding destination-management privilege, which is a realistic scenario in many installations. Exploitation requires nothing more than creating a crafted network parameter in the management interface, so a compromised or malicious account can straightforwardly achieve full root access on the host.
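The bug class at issue, a user-controlled network name reaching a root shell, and the fix a maintainer would apply to it, as an added illustration that is not Coolify's own code: the allowlist pattern is an assumption modelled on Docker's restricted-name character set, and the builder assumes the command is executed through a remote shell on a managed server, where an argv list offers no protection and validation plus quoting is the only defence.

```python
import re
import shlex

# Assumed allowlist for a Docker network name, modelled on Docker's
# restricted-name character set: a letter or digit, then letters, digits,
# '_', '.' or '-'. Shell metacharacters (';', '$', '`', '|', '&', spaces, ...)
# cannot match, so they are rejected before any command line is built.
NETWORK_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")


def is_valid_network_name(name: str) -> bool:
    """True if the name matches the allowlist, False otherwise."""
    return NETWORK_NAME_RE.fullmatch(name) is not None


def validate_network_name(name: str) -> str:
    """Return the name unchanged if it passes the allowlist, else raise.

    This is the server-side check a destination-management form should run
    on the 'network' field, regardless of any client-side validation."""
    if not is_valid_network_name(name):
        raise ValueError(f"invalid network name: {name!r}")
    return name


def build_network_command_unsafe(name: str) -> str:
    """The vulnerable pattern: the parameter is interpolated verbatim into a
    shell command string. Anything the user typed becomes shell syntax."""
    return f"docker network inspect {name}"


def build_network_command(name: str) -> str:
    """Hardened builder: validate against the allowlist first, then quote the
    value with shlex.quote as defence in depth. Assumption: the resulting
    string is handed to a remote shell on a managed server, so quoting (not
    an argv list) is what keeps the value a single argument there."""
    safe = shlex.quote(validate_network_name(name))
    return f"docker network inspect {safe}"


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, one with a command separator.
    print(build_network_command("coolify-prod_net.1"))
    print(build_network_command_unsafe("prod-net; echo injected"))
    print(is_valid_network_name("prod-net; echo injected"))
```

The unsafe builder shows the separator surviving into the command string, while the hardened builder refuses the same input with ValueError.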
OpenCVE Enrichment