Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 07 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Coollabsio
Coollabsio coolify |
|
| Vendors & Products |
Coollabsio
Coollabsio coolify |
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and exfiltrate sensitive environment variables through deployment logs via fields such as dockerfile_location and deployment commands. This issue is fixed in version 4.0.0-beta.469. | |
| Title | Coolify authenticated remote command injection leading to RCE and secret exfiltration | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-07T12:42:59.446Z
Reserved: 2026-03-25T15:29:04.744Z
Link: CVE-2026-34038
Updated: 2026-07-07T12:42:09.980Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T05:30:04Z