๐Ÿ” CVE Alert

CVE-2026-15507

MEDIUM 6.3

coollabsio Coolify Policy Policies authorization

CVSS Score
6.3
EPSS Score
0.3%
EPSS Percentile
25th

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CWE CWE-862 CWE-863
Vendor coollabsio
Product coolify
Published Jul 12, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for coollabsio coolify

Be the first to know when new medium vulnerabilities affecting coollabsio coolify are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

coollabsio / Coolify
4.1.0 4.1.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377836 vuldb.com: https://vuldb.com/vuln/377836/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15507 vuldb.com: https://vuldb.com/submit/845670 github.com: https://github.com/lakshayyverma/CVE-Discovery/blob/main/coolify-resource-policy-stubs.zip

Credits

๐Ÿ” lakshay12311 (VulDB User)