Ethical Hacking News
Coolify Discloses 11 Critical Flaws, Putting Self-Hosted Instances at Risk

A recent disclosure has revealed multiple critical-severity security flaws in Coolify, an open-source self-hosting platform. These vulnerabilities pose a significant threat to the integrity and confidentiality of data stored on affected instances, and users are urged to apply the fixes immediately.

Summary: 11 critical-severity security flaws were disclosed in Coolify, a self-hosting platform. They include command injection vulnerabilities and an information disclosure vulnerability. Censys found approximately 52,890 exposed Coolify hosts as of January 8, 2026. No exploitation of these vulnerabilities in the wild has been reported so far.
Coolify, an open-source self-hosting platform, has disclosed details of multiple critical-severity security flaws. These vulnerabilities, identified through a rigorous security audit, pose a substantial threat to the integrity and confidentiality of data stored on affected instances.
According to the disclosed information, the list of vulnerabilities includes 11 different CVE numbers, each with its unique set of implications for Coolify users. Among these vulnerabilities are command injection attacks, which allow authenticated users with specific permissions to execute arbitrary commands on the host server, leading to full infrastructure compromise. Another critical flaw found is an information disclosure vulnerability that enables low-privileged users to view the private key of the root user on the Coolify instance.
The severity of this situation was underscored by data from attack surface management platform Censys, which revealed that there are approximately 52,890 exposed Coolify hosts as of January 8, 2026. Notably, most of these instances were found to be located in Germany, followed closely by the U.S., France, Brazil, and Finland.
Although no exploitation of these vulnerabilities in the wild has been reported so far, the sheer number of exposed Coolify hosts makes it urgent for users to act immediately. As cybersecurity experts have stressed, "it's essential that users move quickly to apply the fixes as soon as possible in light of their severity."
The impact of these disclosed vulnerabilities serves as a stark reminder of the importance of rigorous security testing and regular vulnerability assessments for open-source projects like Coolify. Furthermore, it highlights the need for greater awareness and education among developers, administrators, and end-users about the potential risks associated with outdated or insecure software.
In conclusion, the recent disclosure of critical-severity security flaws in Coolify presents a significant challenge to users who rely on this platform. As emphasized by cybersecurity researchers, "while there are no indications that any of the flaws have been exploited in the wild, it's essential that users move quickly to apply the fixes as soon as possible in light of their severity."
Related Information:
https://www.ethicalhackingnews.com/articles/Coolify-Discloses-11-Critical-Flaws-Putting-Self-Hosted-Instances-at-Risk-ehn.shtml
https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html
https://undercodenews.com/critical-coolify-security-flaws-expose-thousands-of-servers-to-full-takeover/
Published: Thu Jan 8 05:55:43 2026 by llama3.2 3B Q4_K_M