{"vulnerability": "cve-2026-34037", "sightings": [{"uuid": "e29d6eba-658f-4a52-b6d7-84848433db07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxpr5wr2h", "content": "CVE-2026-34037 - coolify\nA previous version of Coolify allowed authorized users to copy resources into accounts they shouldn't have access to. This means they could potentially access or modify sensitive\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:05.789820Z"}, {"uuid": "d1bdd787-050d-466b-afa4-dfa6dbc99ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqxmsj2d2u", "content": "CVE-2026-34037 - Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()\nCVE ID : CVE-2026-34037\n \n Published : July 7, 2026, 3:21 a.m. | 26\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, application...", "creation_timestamp": "2026-07-07T04:21:56.340324Z"}, {"uuid": "2b790be1-ad43-4935-9dbe-371dcaef9916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116876812363283069", "content": "CVE-2026-34037: CRITICAL auth bypass in coollabsio coolify (=4.0.0-beta.464). Privileged users can clone resources into other teams, risking cross-tenant data exposure. Fix: upgrade to 4.0.0-beta.464. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vuln #coolify #Infosec", "creation_timestamp": "2026-07-07T04:30:26.920257Z"}, {"uuid": "6cc70ec7-f1f2-4869-84e5-03afa542e848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzrgv5c4723", "content": "CRITICAL: coollabsio coolify (=4.0.0-beta.464) has an auth bypass (CVE-2026-34037) allowing cross-tenant resource cloning. Upgrade to 4.0.0-beta.464 ASAP. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vulnerability #coolify", "creation_timestamp": "2026-07-07T04:30:29.501406Z"}]}