CVE-2026-12815
CVSS v4.0 severity:
LOW
Type:
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Publication date:
22/06/2026
Last modified:
22/06/2026
Description
A vulnerability has been found in coollabsio coolify 4.0.0. It affects an unknown function of the Image Name Handler component. Manipulation of this function leads to OS command injection. The attack can be performed remotely. The vendor was contacted early about this disclosure but did not respond in any way. The changelog for 4.1.2 mentions "[i]mproved image, branch, proxy, and deployment input validation".
Impact
Base score 4.0
2.10
Severity 4.0
LOW
Base score 3.x
6.30
Severity 3.x
MEDIUM
Base score 2.0
6.50
Severity 2.0
MEDIUM
References to solutions, tools and information
- https://github.com/dxz0069/softwareoverflow/blob/main/coolify_docker_image_reference_shell_injection_vulndb.md
- https://vuldb.com/cve/CVE-2026-12815
- https://vuldb.com/submit/837577
- https://vuldb.com/vuln/372609
- https://vuldb.com/vuln/372609/cti



