PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34048 coollabsio CVE debrief

Coolify, an open-source tool for managing servers, applications, and databases, had a vulnerability in its terminal websocket bootstrap routes. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers due to insufficient authorization checks. The issue was fixed in version 4.0.0-beta.471. Users of Coolify should update to prevent unauthorized access. This vulnerability is critical with a CVSS score of 9.9.

Vendor
coollabsio
Product
coolify
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of Coolify versions prior to 4.0.0-beta.471 should update to the latest version to prevent unauthorized access to terminal routes. This includes operators, platform administrators, vulnerability management teams, and security teams who manage or monitor Coolify deployments.

Technical summary

Coolify, an open-source tool for managing servers, applications, and databases, had a vulnerability in its terminal websocket bootstrap routes. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers due to insufficient authorization checks. The issue was fixed in version 4.0.0-beta.471. Users of Coolify should update to prevent unauthorized access. Affected deployments may exist in managed environments, requiring verification. Operators, platform administrators, vulnerability management teams, and security teams should review and restrict access to terminal routes, monitor for suspicious activity, and confirm whether affected product deployments exist. Evidence from the CVE record, NVD entry, GitHub commit, and release notes supports this advisory. To verify, defenders should review the official advisory and check for affected product deployments in managed environments.

Defensive priority

High

Recommended defensive actions

  • Update Coolify to version 4.0.0-beta.471 or later
  • Review and restrict access to terminal routes
  • Monitor for suspicious activity on team servers
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record and NVD entry provide information on the vulnerability and its fix. The GitHub commit and release notes confirm the fix in version 4.0.0-beta.471. To verify, defenders should review the official advisory and check for affected product deployments in managed environments. Evidence limits suggest that further details may be available through additional sources, but none are confirmed. Affected scope appears limited to Coolify versions prior to 4.0.0-beta.471.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T04:17:48.417Z and has not been modified since then.