Coolify: Authenticated Remote Code Execution via Command Injection in Destination...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary commands as root on managed servers. The "network" parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. This vulnerability is fixed in 4.0.0-beta.471.

AI Analysis

Authenticated command injection vulnerability in Destination Network Management functionality allowing remote code execution as root

Basic Information

ID CVE-2026-34594

Source GitHub_M

Published Jun 29, 2026 at 20:21

Affected Product

Vendor coollabsio

Product coolify

Version < 4.0.0-beta.471

Affected Versions coollabsio coolify < 4.0.0-beta.471

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor coollabsio

Product Coolify

Version < 4.0.0-beta.471

References

github.com /coollabsio/coolify/security/advisories/GHSA-mf8p-rj62-9f9m

{
    "lastseen": "",
    "description": "Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary commands as root on managed servers. The \"network\" parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. This vulnerability is fixed in 4.0.0-beta.471.",
    "published": "2026-06-29T20:21:59.728Z",
    "modified": "2026-06-29T20:21:59.728Z",
    "type": "cve",
    "title": "Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management",
    "source": "GitHub_M",
    "references": "https://github.com/coollabsio/coolify/security/advisories/GHSA-mf8p-rj62-9f9m",
    "id": "CVE-2026-34594",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "coollabsio coolify < 4.0.0-beta.471",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "coolify",
    "version": "< 4.0.0-beta.471",
    "vendor": "coollabsio",
    "ai_description": "Authenticated command injection vulnerability in Destination Network Management functionality allowing remote code execution as root",
    "ai_severity": "High",
    "ai_vendor": "coollabsio",
    "ai_product": "Coolify",
    "ai_version": "< 4.0.0-beta.471",
    "ai_score": 8.8
}

Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management_CVE-2026-34594