CVE-2026-34047
Coollabsio · Coolify
Coolify terminal WebSocket routes fail to enforce authorization, allowing authenticated users to access and execute commands on unauthorized resources.
Executive summary
A critical authorization vulnerability in Coolify allows authenticated users to bypass scope restrictions and execute arbitrary commands, posing a severe risk of unauthorized system control.
Vulnerability
This vulnerability involves an improper authorization flaw where terminal WebSocket bootstrap routes fail to validate user permissions. An authenticated user can leverage this to access terminal functionality for resources outside their authorized scope, potentially leading to arbitrary command execution.
Business impact
The impact of this vulnerability is critical, as it allows for unauthorized lateral movement and command execution within the infrastructure managed by Coolify. Given the CVSS score of 9.9, the potential for total system compromise is extremely high, which could lead to data exfiltration, service disruption, and complete loss of integrity for the managed applications and databases.
Remediation
Immediate Action: Upgrade Coolify to version 4.0.0-beta.471 or later immediately to apply the necessary authorization middleware fixes.
Proactive Monitoring: Review system and application access logs for unusual terminal session activity or commands executed by users outside of their assigned project scopes.
Compensating Controls: If immediate patching is not possible, restrict network access to the Coolify administrative interface to trusted management subnets only to limit the attack surface.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a significant security risk due to the potential for unauthorized command execution across managed environments. Organizations should prioritize upgrading to version 4.0.0-beta.471 as soon as possible to ensure proper authorization enforcement and prevent unauthorized access to critical infrastructure.