Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42147 (GCVE-0-2026-42147)
Vulnerability from cvelistv5 – Published: 2026-07-07 03:13 – Updated: 2026-07-07 03:13
VLAI
EPSS
Title
Coolify: SSRF via S3 Storage Endpoint in testConnection()
Summary
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.
Severity
4.9 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/coollabsio/coolify/security/ad… | x_refsource_CONFIRM |
| https://github.com/coollabsio/coolify/commit/297e… | x_refsource_MISC |
| https://github.com/coollabsio/coolify/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coollabsio | coolify |
Affected:
< 4.0.0-beta.474
|
{
"containers": {
"cna": {
"affected": [
{
"product": "coolify",
"vendor": "coollabsio",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0-beta.474"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T03:13:50.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"
},
{
"name": "https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32"
},
{
"name": "https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474"
}
],
"source": {
"advisory": "GHSA-pwm4-w33c-wjf3",
"discovery": "UNKNOWN"
},
"title": "Coolify: SSRF via S3 Storage Endpoint in testConnection()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42147",
"datePublished": "2026-07-07T03:13:50.436Z",
"dateReserved": "2026-04-24T17:15:21.834Z",
"dateUpdated": "2026-07-07T03:13:50.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42147\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-07T04:17:51.760\",\"lastModified\":\"2026-07-07T04:17:51.760\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"coollabsio\",\"product\":\"coolify\",\"versions\":[{\"version\":\"\u003c 4.0.0-beta.474\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
FKIE_CVE-2026-42147
Vulnerability from fkie_nvd - Published: 2026-07-07 04:17 - Updated: 2026-07-07 04:17
Severity
Summary
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "coolify",
"vendor": "coollabsio",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0-beta.474"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474."
}
],
"id": "CVE-2026-42147",
"lastModified": "2026-07-07T04:17:51.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-07-07T04:17:51.760",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
WID-SEC-W-2026-2192
Vulnerability from csaf_certbund - Published: 2026-07-02 22:00 - Updated: 2026-07-06 22:00Summary
Coolify: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Coolify ist eine Open-Source-Plattform zur Vereinfachung der Bereitstellung und Verwaltung von Anwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Coolify ausnutzen, um beliebigen Programmcode auszuführen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, um falsche Informationen darzustellen, um Dateien zu manipulieren, um einen Denial of Service Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Coolify <4.0.0-beta.474
Open Source / Coolify
|
<4.0.0-beta.474 |
References
33 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Coolify ist eine Open-Source-Plattform zur Vereinfachung der Bereitstellung und Verwaltung von Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Coolify ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um seine Privilegien zu erh\u00f6hen, um Informationen offenzulegen, um falsche Informationen darzustellen, um Dateien zu manipulieren, um einen Denial of Service Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2192 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2192.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2192 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2192"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-389w-cc6x-wr2m vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-389w-cc6x-wr2m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3g6r-cxv5-3c7h vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-3g6r-cxv5-3c7h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-46hp-7m8g-7622 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-46hp-7m8g-7622"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4fhp-xqqp-w7vv vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-4fhp-xqqp-w7vv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4mpw-wcj4-v9pp vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-4mpw-wcj4-v9pp"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4vff-6j8j-qhcg vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-4vff-6j8j-qhcg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-565g-9j4m-wqmr vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-565g-9j4m-wqmr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5qp8-9gg7-4c86 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-5qp8-9gg7-4c86"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-652w-qv22-2r7c vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-652w-qv22-2r7c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-66gv-g2w9-6wxp vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-66gv-g2w9-6wxp"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6pmw-6m96-4v4m vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-6pmw-6m96-4v4m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6r3g-w7x8-54fj vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-6r3g-w7x8-54fj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-782c-3jq5-fw4j vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-782c-3jq5-fw4j"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-962v-gxmw-56hc vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-962v-gxmw-56hc"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c339-w3cq-2rjr vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-c339-w3cq-2rjr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c83f-5ph7-x8xv vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-c83f-5ph7-x8xv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cgj8-7m5q-x5gv vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-cgj8-7m5q-x5gv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-chg4-63hm-xv9x vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-chg4-63hm-xv9x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f35h-g2c2-q36v vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-f35h-g2c2-q36v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f47p-xrgc-977v vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-f47p-xrgc-977v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-ggrr-wrvr-x83v vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gvc4-f276-r88p vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-gvc4-f276-r88p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-j6j2-frv3-g6f7 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-j6j2-frv3-g6f7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mh8x-fppq-cp77 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-mh8x-fppq-cp77"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mv4c-9x67-rrmv vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-mv4c-9x67-rrmv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mw6q-2hmg-mhxv vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-mw6q-2hmg-mhxv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-pwm4-w33c-wjf3 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q9j6-xcvx-px63 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-q9j6-xcvx-px63"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rpr8-p7jc-x844 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-rpr8-p7jc-x844"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v64c-v633-58xp vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-v64c-v633-58xp"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-x9qh-w4c4-54f9 vom 2026-07-02",
"url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-x9qh-w4c4-54f9"
}
],
"source_lang": "en-US",
"title": "Coolify: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-06T22:00:00.000+00:00",
"generator": {
"date": "2026-07-07T07:31:42.368+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2192",
"initial_release_date": "2026-07-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-07-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.0.0-beta.474",
"product": {
"name": "Open Source Coolify \u003c4.0.0-beta.474",
"product_id": "T056143"
}
},
{
"category": "product_version",
"name": "4.0.0-beta.474",
"product": {
"name": "Open Source Coolify 4.0.0-beta.474",
"product_id": "T056143-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:coollabs:coolify:4.0.0-beta.474"
}
}
}
],
"category": "product_name",
"name": "Coolify"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66209",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2025-66209"
},
{
"cve": "CVE-2025-66213",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2025-66213"
},
{
"cve": "CVE-2026-32718",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-32718"
},
{
"cve": "CVE-2026-34034",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34034"
},
{
"cve": "CVE-2026-34035",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34035"
},
{
"cve": "CVE-2026-34037",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34037"
},
{
"cve": "CVE-2026-34044",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34044"
},
{
"cve": "CVE-2026-34047",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34047"
},
{
"cve": "CVE-2026-34048",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34048"
},
{
"cve": "CVE-2026-34050",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34050"
},
{
"cve": "CVE-2026-34057",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34057"
},
{
"cve": "CVE-2026-34058",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34058"
},
{
"cve": "CVE-2026-34149",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34149"
},
{
"cve": "CVE-2026-34152",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34152"
},
{
"cve": "CVE-2026-34158",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34158"
},
{
"cve": "CVE-2026-34167",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34167"
},
{
"cve": "CVE-2026-34170",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34170"
},
{
"cve": "CVE-2026-34171",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34171"
},
{
"cve": "CVE-2026-34198",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34198"
},
{
"cve": "CVE-2026-34599",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-34599"
},
{
"cve": "CVE-2026-41899",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-41899"
},
{
"cve": "CVE-2026-42143",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42143"
},
{
"cve": "CVE-2026-42145",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42145"
},
{
"cve": "CVE-2026-42147",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42147"
},
{
"cve": "CVE-2026-42148",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42148"
},
{
"cve": "CVE-2026-42153",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42153"
},
{
"cve": "CVE-2026-42172",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42172"
},
{
"cve": "CVE-2026-42200",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42200"
},
{
"cve": "CVE-2026-42204",
"product_status": {
"known_affected": [
"T056143"
]
},
"release_date": "2026-07-02T22:00:00.000+00:00",
"title": "CVE-2026-42204"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…