CVE-2026-34153 | coollabsio Coolify up to 4.0.0-beta.470 File Storage LocalFileVolume.php saveStorageOnServer fs_path/parent_dir os command injection

SecurityVulns

A vulnerability, which was classified as problematic, has been found in coollabsio Coolify up to 4.0.0-beta.470. The impacted element is the function saveStorageOnServer of the file LocalFileVolume.php of the component File Storage. The manipulation of the argument fs_path/parent_dir leads to os command injection.

This vulnerability is traded as CVE-2026-34153. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More