Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable but requires authenticated low-privileged account (PR:L); no scope change; impact is limited to low across CIA triad per CVSS 4.0 mapping.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.
AnalysisAI
Missing authorization in Coolify's Policy Handler allows authenticated remote attackers to bypass resource-level access controls in versions up to 4.1.1. The flaw resides in the /app/Policies/ component, where policy enforcement checks are absent or incomplete, enabling low-privileged users to access or manipulate resources beyond their intended authorization scope. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated session with at minimum a low-privileged Coolify account (PR:L confirmed by CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.1 reflects the limited blast radius: PR:L confirms exploitation requires an authenticated low-privileged account, and VC:L/VI:L/VA:L indicates only low-impact access violations rather than full system compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Coolify user with a standard low-privileged account sends crafted HTTP requests to resource endpoints that should be restricted by policy checks; because the relevant Policy Handler methods are missing or stubbed out, the authorization gate is never enforced and the server returns or modifies data belonging to other users or teams. A public POC archive demonstrating this has been published on GitHub, lowering the skill threshold for exploitation. |
| Remediation | Upgrade Coolify to a version beyond 4.1.1 once a patched release is issued by coollabsio - no confirmed patched version number is present in the available data, so monitor the official Coolify GitHub repository and release notes for a fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43248
GHSA-6qvw-24xv-xqw6