CVE-2026-34044
Received Received - Intake

Logs::mount() Team Isolation Bypass in Coolify

Vulnerability report for CVE-2026-34044, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: GitHub, Inc.

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount() component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by other teams by supplying a victim resource UUID. This issue is fixed in version 4.0.0-beta.466.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
coollabsio coolify to 4.0.0-beta.466 (exc)
coollabsio coolify 4.0.0-beta.466

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-34044 is a high-severity vulnerability in Coolify, an open-source self-hosted platform for managing servers, applications, and databases. The issue is an Insecure Direct Object Reference (IDOR) in the logs component, where the system looks up resources by UUID without restricting the lookup to the current user's team. This flaw allows an authenticated user to access logs belonging to other teams by supplying a victim's resource UUID.

The vulnerability arises because the application does not verify team ownership when fetching logs, enabling cross-team log access. Logs often contain sensitive information such as secrets or tokens, making this a serious confidentiality risk.

Impact Analysis

This vulnerability can lead to cross-tenant data disclosure, where an attacker from one team can access sensitive logs of another team. Since logs may contain secrets, tokens, or other confidential information, this can compromise the security of applications and services.

Additionally, the exposure of sensitive data could enable lateral movement within the environment, increasing the risk of further attacks or unauthorized access.

Detection Guidance

This vulnerability involves unauthorized access to logs of other teams by manipulating UUID parameters in the URL or API requests. Detection involves monitoring for unusual access patterns where a user accesses logs belonging to different teams by supplying UUIDs not associated with their own team.

Specifically, you can look for requests to the logs endpoint that include UUID parameters and verify if those UUIDs belong to the requesting user's team. Any access to logs with UUIDs outside the user's team scope may indicate exploitation attempts.

While no explicit commands are provided in the resources, a general approach would be to audit web server or application logs for requests to log retrieval endpoints containing UUID parameters and cross-check those UUIDs against team ownership.

For example, if you have access to the Coolify server logs, you might use commands like the following to find suspicious UUID access patterns:

  • grep -Eo 'logs/([a-f0-9\-]{36})' /var/log/coolify/access.log | sort | uniq -c
  • Then correlate the extracted UUIDs with team ownership in your database or application to detect cross-team access.

Additionally, monitoring for unexpected access from users with low privileges to logs of other teams can help detect exploitation.

Mitigation Strategies

The primary mitigation step is to upgrade Coolify to version 4.0.0-beta.466 or later, where this vulnerability has been fixed.

The fix involves enforcing team-scoped resource lookups by adding checks to ensure that log access is limited to resources owned by the current user's team.

Until you can upgrade, you should restrict access to the logs endpoints to trusted users only and monitor for suspicious UUID access patterns as a temporary measure.

Review and apply any access control policies that limit users to their own team's resources, and consider adding additional logging and alerting on cross-team log access attempts.

Compliance Impact

The vulnerability allows authenticated users to access logs belonging to other teams by bypassing team-scoped resource lookups. Since logs often contain sensitive information such as secrets or tokens, this cross-tenant data disclosure can lead to unauthorized exposure of confidential data.

Such unauthorized access to sensitive data can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information to prevent data breaches and ensure confidentiality.

By enabling lateral movement and unauthorized data access, the vulnerability increases the risk of non-compliance with these regulations, potentially leading to legal and financial consequences for affected organizations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart