Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows -

CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html