A vulnerability labeled as critical has been found in coollabsio Coolify up to 4.0.0-beta.473. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/UploadController.php of the component File Upload Endpoint. The manipulation results in unrestricted upload.

This vulnerability is identified as CVE-2026-42145. The attack can be executed remotely. There is not any exploit available.