PatchSiren cyber security CVE debrief
CVE-2026-34044 coollabsio CVE debrief
CVE-2026-34044 is a high-severity vulnerability in Coolify's Logs::mount() component. Prior to version 4.0.0-beta.466, the component looks up resources by UUID without scoping the lookup to the current team. This allows an authenticated user to access logs for applications owned by other teams by supplying a victim resource UUID. The issue is fixed in version 4.0.0-beta.466. Affected users should update to the fixed version and monitor for suspicious activity.
- Vendor
- coollabsio
- Product
- coolify
- CVSS
- HIGH 7.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of Coolify, especially those with multiple teams and applications, should be aware of this vulnerability. An authenticated user with access to the system could potentially access sensitive log information from other teams' applications. Operators, platform administrators, and security teams should review the vulnerability and take necessary actions to protect their systems.
Technical summary
The Logs::mount() component in Coolify, prior to version 4.0.0-beta.466, does not properly scope resource lookups by UUID to the current team. This allows an authenticated user to access logs for applications they do not own by providing a UUID of a resource from another team. The vulnerability has a CVSS score of 7.7 and is considered high severity. Affected deployments should be identified and owners assigned for follow-up.
Defensive priority
High priority should be given to updating Coolify to version 4.0.0-beta.466 or later. In the meantime, monitoring for suspicious log access patterns and ensuring proper team scoping for resource access controls are recommended.
Recommended defensive actions
- Update Coolify to version 4.0.0-beta.466 or later
- Monitor for suspicious log access patterns
- Review and enforce proper team scoping for resource access controls
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-07T04:17:48.153Z and was last modified on 2026-07-07T13:22:13.557Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and review official advisories for specific guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T04:17:48.153Z and has not been modified since then. The NVD entry is currently Deferred.