Coolify Private Key Exposure Vulnerability Allowing Root Access via SSH
Vulnerability
A vulnerability exists in Coolify, an open-source tool for managing servers, applications, and databases, in versions through v4.0.0-beta.434. Low-privileged users can access the private key of the root user on the Coolify instance. This access enables them to authenticate as the root user via SSH. As of the vulnerability's publication, it is unclear whether a patch is available.
Impact
Exploitation of this vulnerability allows low-privileged users to access the private key of the root user, enabling them to authenticate as root via SSH on the server where Coolify is hosted.
Reproduction
Low-privileged users can view the private key of the root user within the Coolify application. This key can then be used to SSH into the server as the root user.
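A defender-side check for the impact described above, as an added example that is not part of the original advisory or Coolify's own code: it scans sshd log lines for root logins made with the key stored in Coolify from a source the operator does not expect. The fingerprint, the expected networks and the log lines are constructed placeholders, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed placeholders: replace with the fingerprint of the key your
# Coolify instance stores (ssh-keygen -lf <keyfile>) and the networks that
# are expected to use it.
MANAGED_KEY_FP = "SHA256:CONSTRUCTEDmanagedKEYfingerprintPLACEHOLDER0"
EXPECTED_SOURCES = [ipaddress.ip_network("127.0.0.0/8")]

# OpenSSH success line: "Accepted publickey for USER from IP port N ssh2: TYPE SHA256:..."
ACCEPT_RE = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)"
)

# Constructed sample auth log lines (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[811]: Accepted publickey for root from 127.0.0.1 port 40022 ssh2: ED25519 SHA256:CONSTRUCTEDmanagedKEYfingerprintPLACEHOLDER0
Jan 10 09:14:37 host sshd[902]: Accepted publickey for root from 198.51.100.23 port 51844 ssh2: ED25519 SHA256:CONSTRUCTEDmanagedKEYfingerprintPLACEHOLDER0
Jan 10 09:20:05 host sshd[915]: Accepted publickey for root from 203.0.113.9 port 50110 ssh2: RSA SHA256:CONSTRUCTEDadminKEYfingerprintPLACEHOLDER00000
Jan 10 09:21:44 host sshd[920]: Failed password for invalid user test from 203.0.113.77 port 33122 ssh2
""".splitlines()


def unexpected_managed_key_logins(lines, managed_fp=MANAGED_KEY_FP,
                                  expected=EXPECTED_SOURCES):
    """Return (source, line) for root logins with the managed key from
    an address outside the expected networks."""
    findings = []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if not m or m["user"] != "root" or m["fp"] != managed_fp:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append((m["ip"], line))  # unparsable source: report it
            continue
        if not any(src in net for net in expected):
            findings.append((str(src), line))
    return findings


if __name__ == "__main__":
    for source, line in unexpected_managed_key_logins(SAMPLE_LOG):
        print(f"root login with managed key from unexpected source {source}: {line}")
```

Because any low-privileged account could have read the key, a hit here is a reason to rotate the root key pair and remove the old public key from `authorized_keys`, not only to block the source address.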
