Article Details
Scrape Timestamp (UTC): 2026-01-08 09:56:21.116
Source: https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html
Original Article Text
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows -
The following versions are impacted by the shortcomings -
According to data from attack surface management platform Censys, there are about 52,890 exposed Coolify hosts as of January 8, 2026, with most of them located in Germany (15,000), the U.S. (9,800), France (8,000), Brazil (4,200), and Finland (3,400).
While there are no indications that any of the flaws have been exploited in the wild, it's essential that users move quickly to apply the fixes as soon as possible in light of their severity.
Daily Brief Summary
Cybersecurity experts identified 11 critical vulnerabilities in Coolify, an open-source platform, posing risks of authentication bypass and remote code execution on self-hosted instances.
Approximately 52,890 Coolify hosts are exposed globally, with significant concentrations in Germany, the U.S., and France, heightening the potential impact.
The identified flaws could allow attackers to gain full control over affected servers, emphasizing the urgent need for remediation.
No current evidence suggests active exploitation of these vulnerabilities, but the severity necessitates prompt action from users.
Users are strongly advised to apply available patches immediately to mitigate potential security threats and protect their systems.
The disclosure serves as a reminder of the importance of regular security audits and timely patch management for open-source platforms.