CVE-2026-34037
CRITICAL
9.9
CVSS 3.1
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an authenticated user to clone resources into destinations owned by other teams and access cross-tenant resources. This issue is fixed in version 4.0.0-beta.464.
Metadata
Severity & Metrics
9.9
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| coollabsio | coolify | — | < 4.0.0-beta.464 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-639 | cna | CWE-639: Authorization Bypass Through User-Controlled Key |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.9 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
References (3)
- https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v
- https://github.com/coollabsio/coolify/commit/1759a1631cd63271ebf6caa250c6d93440eaa333 https://github.com/coollabsio/coolify/commit/1759a1631cd63271ebf6caa250c6d93440eaa333
- https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.464 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.464