Ghostwire

CVE-2026-34049: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451...

LOW CVSS 3.3 Exploit Available

Published: July 6, 2026 | Last Modified: July 6, 2026

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configure backup inputs to inject commands. This issue is fixed in version 4.0.0-beta.471.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References