Coolify critical vulnerabilities (multiple vulnerabilities)
Vulnerability
Summary
Coolify disclosed 11 critical vulnerabilities in its self-hosting platform, creating risk of root-level remote code execution and full server compromise on exposed instances. The weaknesses include command injection, authentication bypass, information disclosure, and stored XSS across database backup/import, PostgreSQL init scripts, Dynamic Proxy Configuration, File Storage Directory Mount, docker-compose.yaml, and Git Repository handling. Fixes are available for several affected beta releases, including <= 4.0.0-beta.448, <= 4.0.0-beta.450, < 4.0.0-beta.436, <= 4.0.0-beta.434, and <= 4.0.0-beta.420.6. Censys counted about 52,890 exposed Coolify hosts, and no in-the-wild exploitation has been observed yet.
Related Happenings
Google Looker Studio cross-tenant SQL injection flaws SQL injection flaw
Vulnerability
First: 10.03.2026 15:20
Last: 10.03.2026 15:20
Sources 1
About this happening:
Researchers disclosed **nine cross-tenant vulnerabilities** in **Google Looker Studio** that could let attackers run **arbitrary SQL queries** on victims' databases and exfiltrate...
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
GoBruteforcer botnet expands against crypto and blockchain project databases
Malware Activity
First: 12.01.2026 12:48
Last: 12.01.2026 12:48
Sources 1
About this happening:
The **GoBruteforcer** botnet has entered a **new wave of attacks** that targets **cryptocurrency and blockchain project databases** and turns **Linux servers** into credential-bru...
GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant
Malware Activity
First: 08.01.2026 19:30
Last: 08.01.2026 19:30
Sources 1
About this happening:
**GoBruteforcer** is actively brute-forcing **Linux servers exposed to the internet**, creating a broad risk of compromise, **data theft** and **botnet expansion**. The operation...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources 1
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
Timeline
- 08.01.2026 11:53 · 2 articles · 4mo ago
Coolify disclosure of 11 critical vulnerabilities and exposed-host footprint
Initial Disclosure
Cybersecurity researchers disclosed 11 critical vulnerabilities in Coolify, an open-source self-hosting platform, including authenticated and low-privilege command injection, information disclosure, authentication bypass, and stored XSS issues that can lead to root-level remote code execution, container escape, unauthorized SSH access, and full server compromise. The flaws were assigned CVE-2025-66209, CVE-2025-66210, CVE-2025-66211, CVE-2025-66212, CVE-2025-66213, CVE-2025-64419, CVE-2025-64420, CVE-2025-64424, CVE-2025-59156, CVE-2025-59157, and CVE-2025-59158, with fixes available for affected beta releases including <= 4.0.0-beta.448, <= 4.0.0-beta.450, < 4.0.0-beta.436, <= 4.0.0-beta.434, and <= 4.0.0-beta.420.6. Censys counted about 52,890 exposed Coolify hosts as of January 8, 2026, and no indications of in-the-wild exploitation were reported.
Sources
- Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances — thehackernews.com — 08.01.2026 11:53