CVE Catalog

CVE-2026-12815

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.16%

63th percentile — higher than 63% of all known CVEs

Summary

A vulnerability has been found in coollabsio coolify version 4.0.0, affecting an unknown function of the Image Name Handler component. Manipulation of this function leads to OS command injection.

Risk Assessment

An attacker may exploit this vulnerability remotely, posing a significant security risk to the system.

Recommendation

It is recommended to upgrade to version 4.1.2 or later, which improves input validation for images, branches, proxies, and deployments.

Original NVD description (English source)

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way. The changelog for 4.1.2 mentions "[i]mproved image, branch, proxy, and deployment input validation".

Vulnerability data from NVD (NIST) · CISA KEV · EPSS