LOW
coollabsio
CVE published 2026-06-22
CVE-2026-12815
CVE-2026-12815 is an OS command injection vulnerability in coollabsio coolify 4.0.0's Image Name Handler. Attackers can manipulate the image name to inject OS commands remotely. The vulnerability has a CVSS score of 2.1 and is considered low severity. The vendor, coollabsio, was contacted but did not respond. The changelog for version 4.1.2 mentions improved input validation for images, branches, proxies, [truncated]