PatchSiren cyber security CVE debrief
CVE-2026-34168 coollabsio CVE debrief
CVE-2026-34168 is a high-severity vulnerability in Coolify, an open-source tool for managing servers, applications, and databases. The vulnerability allows an authenticated user to execute commands on managed servers when a resource is deleted due to improper shell argument escaping in the LocalPersistentVolume.name field. This issue is fixed in version 4.0.0-beta.471. The vulnerability has a CVSS score of 8.8, indicating a high severity. Users of Coolify versions prior to 4.0.0-beta.471 should apply the patch to prevent potential command injection attacks.
- Vendor
- coollabsio
- Product
- coolify
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of Coolify versions prior to 4.0.0-beta.471 should apply the patch to prevent potential command injection attacks. System administrators and security teams responsible for managing servers, applications, and databases should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability exists in the LocalPersistentVolume.name field, where user input is directly interpolated into docker volume shell commands without proper shell argument escaping. An authenticated user can set a storage name containing shell metacharacters, allowing them to execute commands on managed servers when the resource is deleted. The CVSS score for this vulnerability is 8.8, indicating a high severity. System administrators and security teams should review their current configurations and monitor for any suspicious activity.
Defensive priority
High priority should be given to applying the patch in version 4.0.0-beta.471. Users should also review their current configurations and monitor for any suspicious activity.
Recommended defensive actions
- Apply the patch in version 4.0.0-beta.471
- Review current configurations for potential vulnerabilities
- Monitor for suspicious activity
- Restrict access to the LocalPersistentVolume.name field
- Implement additional security measures to prevent command injection attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-07-07T04:17:50.180Z and last modified on 2026-07-07T15:16:44.500Z. The NVD entry is currently Deferred. The vulnerability is tracked under CWE-78. Evidence limits suggest that further verification is needed to confirm affected scope and severity. Defenders should verify the official advisory and CVE record for more information.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T04:17:50.180Z and has not been modified since then. The NVD entry is currently Deferred.