{"id":81256,"date":"2026-06-30T01:17:23","date_gmt":"2026-06-29T21:47:23","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-34592-coolify-cross-team-idor-via-unscoped-server-and-project-lookups-exposes-ssh-keys-and-infrastructure\/"},"modified":"2026-06-30T01:17:23","modified_gmt":"2026-06-29T21:47:23","slug":"cve-2026-34592-coolify-cross-team-idor-via-unscoped-server-and-project-lookups-exposes-ssh-keys-and-infrastructure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-34592-coolify-cross-team-idor-via-unscoped-server-and-project-lookups-exposes-ssh-keys-and-infrastructure\/","title":{"rendered":"CVE-2026-34592 &#8211; Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure"},"content":{"rendered":"<p>CVE ID :CVE-2026-34592<\/p>\n<p>  Published : June 29, 2026, 9:47 p.m. | 1\u00a0hour, 58\u00a0minutes ago<\/p>\n<p>  Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying their IDs directly. This vulnerability is fixed in 4.0.0-beta.471.<\/p>\n<p>  Severity: 7.7 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-34592 Published : June 29, 2026, 9:47 p.m. | 1\u00a0hour, 58\u00a0minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81256","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81256"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81256\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}