CNNVD-202601-842 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-842
Related CVE
- CNNVD Published: 2026-01-05
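Description (translated from Chinese)
Coolify is an open-source, self-hosted alternative to Heroku/Netlify/Vercel from coolLabs. Coolify versions before 4.0.0-beta.420.7 contain an operating system command injection vulnerability. It stems from the application deployment workflow, in which arbitrary Docker Compose directives can be injected, and may lead to root-level command execution on the host system.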
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlify/Vercel alternative developed by coolLabs. Versions before 4.0.0-beta.420.7 have an operating system command injection vulnerability. It arises because arbitrary Docker Compose directives can be injected during the application deployment process, which could result in root-level command execution on the host system.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
coolLabs
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-h5xw-7xvp-xrxr
https://access.redhat.com/security/cve/cve-2025-59156
Patch
https://github.com/coollabsio/coolify/releases