Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary commands as root on managed servers. The "network" parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. This vulnerability is fixed in 4.0.0-beta.471.
Published: 2026-06-29
Score: 8.8 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated command injection flaw exists in Coolify’s Destination Network Management feature. By supplying a crafted "network" parameter, an attacker can run arbitrary shell commands as the root user on all servers managed by Coolify. This represents a severe compromise of confidentiality, integrity, and availability for any host under the tool’s control, as the vulnerability is not limited to the web application itself but extends to the underlying operating systems.

Affected Systems

The affected product is Coolify from coollabsio. Versions earlier than 4.0.0-beta.471 are vulnerable. Users who possess destination management permissions in these releases are able to exploit the flaw.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as High severity. Although the EPSS score of 1% indicates a low probability of exploitation and the CVE does not appear in the CISA KEV list, neither fact diminishes the risk: the attacker only needs an authenticated account with destination-management privilege, which is a realistic scenario in many installations. Exploitation requires only submitting a crafted network parameter through the management interface, so a compromised or malicious account can readily obtain full root access on the host.

Generated by OpenCVE AI on June 30, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Coolify to version 4.0.0-beta.471 or a later release that contains the security fix.
  • If immediate upgrade is not possible, explicitly remove destination management permissions from all non-trusted users to eliminate the attack vector.
  • If upgrades are delayed, isolate the web interface behind a strict firewall and ensure that only trusted administrators have network access to the Coolify API.

Generated by OpenCVE AI on June 30, 2026 at 15:57 UTC.
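The description above states that the "network" value reaches shell commands without sanitization (CWE-78). The following Python is an added illustration written for this page; it is not Coolify's code and does not reproduce the project's implementation. It places the injection pattern (untrusted input interpolated into a shell string) beside the hardened form: an allowlist check, an argv-list invocation so no local shell parses the value, and shlex.quote as a second layer for the case where a command must travel as a single string to a remote shell, for example over SSH. The regex, the docker command and all function names are assumptions chosen for the illustration.

```python
import re
import shlex
import subprocess

# Allowlist for a network name. This pattern is an assumption for the
# illustration (it mirrors Docker's restricted-name rule: an alphanumeric
# first character, then alphanumerics, "_", "." or "-", at most 64 chars);
# check the rules your own tool actually enforces.
NETWORK_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def unsafe_build_command(network: str) -> str:
    """The CWE-78 pattern: untrusted input interpolated into one shell string.
    If this string is handed to a shell, every metacharacter in `network`
    (";", "|", "$(...)", backticks, ...) is interpreted as shell syntax."""
    return f"docker network inspect {network}"


def is_valid_network_name(network: str) -> bool:
    """Allowlist check: accept only names that cannot carry shell syntax."""
    return NETWORK_NAME_RE.fullmatch(network) is not None


def validate_network_name(network: str) -> str:
    """Raise instead of silently passing a bad value further down the stack."""
    if not is_valid_network_name(network):
        raise ValueError(f"rejected network name: {network!r}")
    return network


def safe_build_argv(network: str) -> list[str]:
    """Hardened form for a local command: validate, then build an argv list.
    With shell=False (subprocess's default) the list goes straight to execve,
    so no shell ever parses the user-supplied value."""
    return ["docker", "network", "inspect", validate_network_name(network)]


def run_local(network: str) -> subprocess.CompletedProcess:
    """Execute the local form. Needs a docker binary on PATH to succeed."""
    return subprocess.run(safe_build_argv(network), capture_output=True, text=True)


def safe_remote_command(network: str) -> str:
    """Hardened form when the command must travel as a single string to a
    remote shell (e.g. `ssh host <command>`), which is how a management tool
    typically reaches the servers it manages. The allowlist already excludes
    metacharacters; shlex.quote is a second layer in case the allowlist is
    ever loosened. For names matching the regex, quote() is a no-op."""
    return f"docker network inspect {shlex.quote(validate_network_name(network))}"


if __name__ == "__main__":
    # Constructed inputs: a normal name and one carrying a shell separator.
    for candidate in ("coolify", "net; echo injected"):
        print("unsafe string :", unsafe_build_command(candidate))
        try:
            print("safe argv     :", safe_build_argv(candidate))
            print("safe remote   :", safe_remote_command(candidate))
        except ValueError as err:
            print("rejected      :", err)
```

The allowlist is the primary control: a value that can never contain shell syntax is safe regardless of how it is later embedded. Argv-style invocation and shlex.quote are layered on top so that a future loosening of the pattern does not reopen the injection path on the local or the remote side.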

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 02:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Coollabsio; Coollabsio coolify
Vendors & Products  |                | Coollabsio; Coollabsio coolify

Mon, 29 Jun 2026 21:00:00 +0000

Type        | Values Removed | Values Added
Description |                | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary commands as root on managed servers. The "network" parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. This vulnerability is fixed in 4.0.0-beta.471.
Title       |                | Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management
Weaknesses  |                | CWE-78
References  |                |
Metrics     |                | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-29T20:21:59.728Z

Reserved: 2026-03-30T17:15:52.499Z

Link: CVE-2026-34594

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T16:00:15Z

Weaknesses
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')