Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Updated on January 8, 2026

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows –

CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated…

Read the rest of the story at Read More

Source: The Hacker News

October 15, 2025 Uncategorized

Two New Windows Zero-Days Exploited in t...

September 11, 2024 Uncategorized

Ivanti Releases Urgent Security Updates ...

January 15, 2025 Uncategorized

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Related posts

Two New Windows Zero-Days Exploited in t...

Ivanti Releases Urgent Security Updates ...

FBI Deletes PlugX Malware from 4,250 Hac...

Leave a Comment Cancel reply

Recent News

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The State of Trusted Open Source

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages