PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34044 coollabsio CVE debrief

CVE-2026-34044 is a high-severity vulnerability in Coolify's Logs::mount() component. Prior to version 4.0.0-beta.466, the component looks up resources by UUID without scoping the lookup to the current team. This allows an authenticated user to access logs for applications owned by other teams by supplying a victim resource UUID. The issue is fixed in version 4.0.0-beta.466. Affected users should update to the fixed version and monitor for suspicious activity.

Vendor
coollabsio
Product
coolify
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of Coolify, especially those with multiple teams and applications, should be aware of this vulnerability. An authenticated user with access to the system could potentially access sensitive log information from other teams' applications. Operators, platform administrators, and security teams should review the vulnerability and take necessary actions to protect their systems.

Technical summary

The Logs::mount() component in Coolify, prior to version 4.0.0-beta.466, does not properly scope resource lookups by UUID to the current team. This allows an authenticated user to access logs for applications they do not own by providing a UUID of a resource from another team. The vulnerability has a CVSS score of 7.7 and is considered high severity. Affected deployments should be identified and owners assigned for follow-up.

Defensive priority

High priority should be given to updating Coolify to version 4.0.0-beta.466 or later. In the meantime, monitoring for suspicious log access patterns and ensuring proper team scoping for resource access controls are recommended.

Recommended defensive actions

  • Update Coolify to version 4.0.0-beta.466 or later
  • Monitor for suspicious log access patterns
  • Review and enforce proper team scoping for resource access controls
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-07T04:17:48.153Z and was last modified on 2026-07-07T13:22:13.557Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and review official advisories for specific guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T04:17:48.153Z and has not been modified since then. The NVD entry is currently Deferred.