A vulnerability identified as problematic has been detected in coollabsio Coolify up to 4.0.0-beta.470. Affected is an unknown function of the file github-app-config.ts of the component GitHub App Configuration Handler. The manipulation of the argument api_url leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-34170. Remote exploitation of the attack is possible. No exploit is available.