Description
A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Problem types
Product status
4.1.1
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
lakshay12311 (VulDB User)
References
vuldb.com/vuln/377836 (VDB-377836 | coollabsio Coolify Policy Policies authorization)
vuldb.com/vuln/377836/cti (VDB-377836 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15507 (CVE-2026-15507 | CVE Analysis and Report)
vuldb.com/submit/845670 (Submit #845670 | coolLabs Coolify 4.1.1 Missing Authorization)
github.com/...ry/blob/main/coolify-resource-policy-stubs.zip