CNNVD-202601-864 Information

CNNVD ID

CNNVD-202601-864

CVE-2025-59158

  • CNNVD Published: 2026-01-05

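Description (translated from Chinese)

Coolify is an open-source, self-hosted alternative to Heroku/Netlify/Vercel from coolLabs. Coolify v4.0.0-beta.420.6 and earlier versions contain a security vulnerability caused by stored cross-site scripting in the project creation flow, which may lead to malicious code being executed in an administrator's browser environment.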

Description (English)

Coolify is an open-source and self-hosted Heroku/Netlify/Vercel alternative from coolLabs. Coolify v4.0.0-beta.420.6 and earlier versions contain a security vulnerability that stems from stored cross-site scripting (XSS) in the project creation process, which may result in the execution of malicious code in an administrator's browser environment.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

coolLabs

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/coollabsio/coolify/security/advisories/GHSA-h52r-jxv9-9vhf

https://access.redhat.com/security/cve/cve-2025-59158

Patch

https://github.com/coollabsio/coolify/releases
