PatchSiren cyber security CVE debrief
CVE-2026-34048 coollabsio CVE debrief
Coolify, an open-source tool for managing servers, applications, and databases, had a vulnerability in its terminal websocket bootstrap routes. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers due to insufficient authorization checks. The issue was fixed in version 4.0.0-beta.471. Users of Coolify should update to prevent unauthorized access. This vulnerability is critical with a CVSS score of 9.9.
- Vendor
- coollabsio
- Product
- coolify
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of Coolify versions prior to 4.0.0-beta.471 should update to the latest version to prevent unauthorized access to terminal routes. This includes operators, platform administrators, vulnerability management teams, and security teams who manage or monitor Coolify deployments.
Technical summary
Coolify, an open-source tool for managing servers, applications, and databases, had a vulnerability in its terminal websocket bootstrap routes. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers due to insufficient authorization checks. The issue was fixed in version 4.0.0-beta.471. Users of Coolify should update to prevent unauthorized access. Affected deployments may exist in managed environments, requiring verification. Operators, platform administrators, vulnerability management teams, and security teams should review and restrict access to terminal routes, monitor for suspicious activity, and confirm whether affected product deployments exist. Evidence from the CVE record, NVD entry, GitHub commit, and release notes supports this advisory. To verify, defenders should review the official advisory and check for affected product deployments in managed environments.
Defensive priority
High
Recommended defensive actions
- Update Coolify to version 4.0.0-beta.471 or later
- Review and restrict access to terminal routes
- Monitor for suspicious activity on team servers
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record and NVD entry provide information on the vulnerability and its fix. The GitHub commit and release notes confirm the fix in version 4.0.0-beta.471. To verify, defenders should review the official advisory and check for affected product deployments in managed environments. Evidence limits suggest that further details may be available through additional sources, but none are confirmed. Affected scope appears limited to Coolify versions prior to 4.0.0-beta.471.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T04:17:48.417Z and has not been modified since then.