Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.
Related CPE's
a
coollabs
coolify
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-05T21:16:12.550Z
5 days agoLast modified
2026-01-09T16:10:47.633Z
31 hours ago