
CVE-2026-34592: Coolify Vulnerability Allows Cross-Team Access to Servers and Projects

4h ago · 2 min read · en · News

Summary

A security vulnerability (CVE-2026-34592) was discovered in Coolify, an open-source server management tool. Prior to version 4.0.0-beta.471, the application failed to properly scope server and project lookups to the current team, allowing any authenticated user to access resources belonging to other teams by directly specifying their IDs. The vulnerability has been fixed in version 4.0.0-beta.471.

Source

bsky · CVE-2026-34592: Coolify Vulnerability Allows Cross-Team Access to Servers and Projects · nvd.nist.gov

Key quotes

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying their IDs directly.
This vulnerability is fixed in 4.0.0-beta.471.
