CVE-2026-12815
MediumCVSS 6.3Exploitation Probability (EPSS)
Elevated risk63th percentile — higher than 63% of all known CVEs
Summary
A vulnerability has been found in coollabsio coolify version 4.0.0, affecting an unknown function of the Image Name Handler component. Manipulation of this function leads to OS command injection.
Risk Assessment
An attacker may exploit this vulnerability remotely, posing a significant security risk to the system.
Recommendation
It is recommended to upgrade to version 4.1.2 or later, which improves input validation for images, branches, proxies, and deployments.
Original NVD description (English source)
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way. The changelog for 4.1.2 mentions "[i]mproved image, branch, proxy, and deployment input validation".

