A vulnerability labeled as critical has been found in coollabsio Coolify up to 4.0.0-beta.473. This affects the function buildHelperImage of the file app/Livewire/Settings/Index.php of the component Settings Handler. The manipulation of the argument dev_helper_version results in os command injection.

This vulnerability is cataloged as CVE-2026-42148. The attack may be launched remotely. There is no exploit available.