Home

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename handling did not sufficiently restrict paths, allowing an authenticated user to write files outside the intended directory and achieve command execution through database initialization. This issue is fixed in version 4.0.0-beta.474.

PUBLISHED Reserved 2026-04-25 | Published 2026-07-07 | Updated 2026-07-07 | Assigner GitHub_M




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

< 4.0.0-beta.474
affected

References

github.com/...oolify/security/advisories/GHSA-mv4c-9x67-rrmv exploit

github.com/...oolify/security/advisories/GHSA-mv4c-9x67-rrmv

github.com/coollabsio/coolify/pull/9681

github.com/...ommit/1cf6c7d0aef8e0edb800ae43f44ded102397cb13

github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474

cve.org (CVE-2026-42200)

nvd.nist.gov (CVE-2026-42200)

Download JSON