CVE-2026-34599 – Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component
CVE ID :CVE-2026-34599
Published : July 6, 2026, 9:20 p.m. | 27 minutes ago
Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership (lowest privilege member role) to execute arbitrary commands as root on managed servers. The $container Livewire public property is interpolated directly into shell commands (docker logs, docker service logs) without sanitization, and can be modified by any client via the Livewire wire protocol because it lacks the #[Locked] attribute. This issue is fixed in version 4.0.0-beta.471.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
آسیبپذیریهای جدید و وصلههای امنیتی بهصورت مداوم منتشر میشوند و عدم بروزرسانی بهموقع میتواند امنیت سرویسهای حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرمافزارها، نصب Patchهای امنیتی و سختسازی سرورها است.
خدمات مدیریت و امنیت سرور