RCE in Coollabsio Coolify
CVE-2026-12815
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was conta…
Vulnerability class: Command Injection (OS Command Injection)
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Coollabsio Coolify — versions 4.0.0
Weakness classification (CWE)
References
- cna@vuldb.com (vdb-entry)
- cna@vuldb.com (signature, permissions-required)
- cna@vuldb.com (third-party-advisory)
- cna@vuldb.com (third-party-advisory)
- cna@vuldb.com (related)
Frequently asked questions
- What is CVE-2026-12815?
- CVE-2026-12815 is a medium-severity vulnerability in Coollabsio Coolify, classified under Command Injection. CVSS score: 6.3/10. Published 2026-06-22.
- How severe is CVE-2026-12815?
- Medium severity. CVSS v3 base score is 6.3 out of 10.