Essential Guide: Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise...

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.

The following versions are impacted by the shortcomings -

According to data from attack surface management platform Censys, there are about 52,890 exposed Coolify hosts as of January 8, 2026, with most of them located in Germany (15,000), the U.S. (9,800), France (8,000), Brazil (4,200), and Finland (3,400)

While there are no indications that any of the flaws have been exploited in the wild, it's essential that users move quickly to apply the fixes as soon as possible in light of their severity.

Source: The Hacker News