CVE-2026-42200

HIGH

Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Title source: cna
STIX 2.1

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename handling did not sufficiently restrict paths, allowing an authenticated user to write files outside the intended directory and achieve command execution through database initialization. This issue is fixed in version 4.0.0-beta.474.

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
coollabsio/coolify < 4.0.0-beta.474
Published Jul 07, 2026
Tracked Since Jul 07, 2026