Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands() function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath parameters into shell commands without proper sanitization, allowing authenticated users to execute arbitrary commands inside deployment containers. This issue is fixed in version 4.0.0-beta.469.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-78"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59734.json"
}