{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Coolify ist eine Open-Source-Plattform zur Vereinfachung der Bereitstellung und Verwaltung von Anwendungen.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein Angreifer kann mehrere Schwachstellen in Coolify ausnutzen, um beliebigen Programmcode auszuführen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, um falsche Informationen darzustellen, um Dateien zu manipulieren, um einen Denial of Service Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- UNIX",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-2192 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2192.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-2192 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2192"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-389w-cc6x-wr2m vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-389w-cc6x-wr2m"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-3g6r-cxv5-3c7h vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-3g6r-cxv5-3c7h"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-46hp-7m8g-7622 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-46hp-7m8g-7622"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-4fhp-xqqp-w7vv vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-4fhp-xqqp-w7vv"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-4mpw-wcj4-v9pp vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-4mpw-wcj4-v9pp"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-4vff-6j8j-qhcg vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-4vff-6j8j-qhcg"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-565g-9j4m-wqmr vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-565g-9j4m-wqmr"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-5qp8-9gg7-4c86 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-5qp8-9gg7-4c86"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-652w-qv22-2r7c vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-652w-qv22-2r7c"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-66gv-g2w9-6wxp vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-66gv-g2w9-6wxp"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-6pmw-6m96-4v4m vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-6pmw-6m96-4v4m"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-6r3g-w7x8-54fj vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-6r3g-w7x8-54fj"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-782c-3jq5-fw4j vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-782c-3jq5-fw4j"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-962v-gxmw-56hc vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-962v-gxmw-56hc"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-c339-w3cq-2rjr vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-c339-w3cq-2rjr"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-c83f-5ph7-x8xv vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-c83f-5ph7-x8xv"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-cgj8-7m5q-x5gv vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-cgj8-7m5q-x5gv"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-chg4-63hm-xv9x vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-chg4-63hm-xv9x"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-f35h-g2c2-q36v vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-f35h-g2c2-q36v"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-f47p-xrgc-977v vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-f47p-xrgc-977v"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-ggrr-wrvr-x83v vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-gvc4-f276-r88p vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-gvc4-f276-r88p"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-j6j2-frv3-g6f7 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-j6j2-frv3-g6f7"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-mh8x-fppq-cp77 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-mh8x-fppq-cp77"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-mv4c-9x67-rrmv vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-mv4c-9x67-rrmv"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-mw6q-2hmg-mhxv vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-mw6q-2hmg-mhxv"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-pwm4-w33c-wjf3 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-q9j6-xcvx-px63 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-q9j6-xcvx-px63"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-rpr8-p7jc-x844 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-rpr8-p7jc-x844"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-v64c-v633-58xp vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-v64c-v633-58xp"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-x9qh-w4c4-54f9 vom 2026-07-02",
      "url" : "https://github.com/coollabsio/coolify/security/advisories/GHSA-x9qh-w4c4-54f9"
    } ],
    "source_lang" : "en-US",
    "title" : "Coolify: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-07-06T22:00:00.000+00:00",
      "generator" : {
        "date" : "2026-07-07T11:17:16.273+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.6.0"
        }
      },
      "id" : "WID-SEC-W-2026-2192",
      "initial_release_date" : "2026-07-02T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-07-02T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2026-07-06T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "CVE-Nummern ergänzt"
      } ],
      "status" : "final",
      "version" : "2"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<4.0.0-beta.474",
          "product" : {
            "name" : "Open Source Coolify <4.0.0-beta.474",
            "product_id" : "T056143"
          }
        }, {
          "category" : "product_version",
          "name" : "4.0.0-beta.474",
          "product" : {
            "name" : "Open Source Coolify 4.0.0-beta.474",
            "product_id" : "T056143-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:coollabs:coolify:4.0.0-beta.474"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Coolify"
      } ],
      "category" : "vendor",
      "name" : "Open Source"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2025-66209",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2025-66209"
  }, {
    "cve" : "CVE-2025-66213",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2025-66213"
  }, {
    "cve" : "CVE-2026-32718",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-32718"
  }, {
    "cve" : "CVE-2026-34034",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34034"
  }, {
    "cve" : "CVE-2026-34035",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34035"
  }, {
    "cve" : "CVE-2026-34037",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34037"
  }, {
    "cve" : "CVE-2026-34044",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34044"
  }, {
    "cve" : "CVE-2026-34047",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34047"
  }, {
    "cve" : "CVE-2026-34048",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34048"
  }, {
    "cve" : "CVE-2026-34049",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34049"
  }, {
    "cve" : "CVE-2026-34050",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34050"
  }, {
    "cve" : "CVE-2026-34057",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34057"
  }, {
    "cve" : "CVE-2026-34058",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34058"
  }, {
    "cve" : "CVE-2026-34149",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34149"
  }, {
    "cve" : "CVE-2026-34152",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34152"
  }, {
    "cve" : "CVE-2026-34153",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34153"
  }, {
    "cve" : "CVE-2026-34158",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34158"
  }, {
    "cve" : "CVE-2026-34167",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34167"
  }, {
    "cve" : "CVE-2026-34168",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34168"
  }, {
    "cve" : "CVE-2026-34170",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34170"
  }, {
    "cve" : "CVE-2026-34171",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34171"
  }, {
    "cve" : "CVE-2026-34198",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34198"
  }, {
    "cve" : "CVE-2026-34599",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-34599"
  }, {
    "cve" : "CVE-2026-41899",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-41899"
  }, {
    "cve" : "CVE-2026-42143",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42143"
  }, {
    "cve" : "CVE-2026-42145",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42145"
  }, {
    "cve" : "CVE-2026-42147",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42147"
  }, {
    "cve" : "CVE-2026-42148",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42148"
  }, {
    "cve" : "CVE-2026-42153",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42153"
  }, {
    "cve" : "CVE-2026-42172",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42172"
  }, {
    "cve" : "CVE-2026-42200",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42200"
  }, {
    "cve" : "CVE-2026-42201",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42201"
  }, {
    "cve" : "CVE-2026-42204",
    "product_status" : {
      "known_affected" : [ "T056143" ]
    },
    "release_date" : "2026-07-02T22:00:00.000+00:00",
    "title" : "CVE-2026-42204"
  } ]
}