CNNVD-202601-821 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-821
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify v4.0.0-beta.434及之前版本存在安全漏洞,该漏洞源于可修改密码重置请求的主机标头,可能导致账户接管。
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. Coolify v.4.0.0-beta 434 and earlier versions had a security loophole, which originated from the host header that could modify the password replacement request and could lead to the account being taken over.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
coolLabs
Published
2026-01-05
Last Modified
2026-02-24
References
https://drive.google.com/file/d/1I5sJHcpetJbKlwVS2usAD7qmgH37Y4rw/view?usp=drive_link https://github.com/coollabsio/coolify/security/advisories/GHSA-f737-2p93-g2cw