A vulnerability categorized as very critical has been discovered in coollabsio Coolify up to 4.0.0-beta.470. The affected element is the function
startUnmanaged/stopUnmanaged/restartUnmanaged of the component Livewire. Such manipulation leads to os command injection.
This vulnerability is referenced as CVE-2026-34058. It is possible to launch the attack remotely. No exploit is available.