[06:19:43] === CVE-2026-34594 VARIANT reproduction start === [06:19:43] variant entry point: server.destinations Livewire component -> add($name) (method argument) [06:19:44] starting stack with ghcr.io/coollabsio/coolify:4.0.0-beta.470 [06:20:00] coolify healthy (attempt 2) [06:20:03] auto-seed/server present (attempt 2) [06:20:04] bootstrap ok SERVER_UUID=km0rvg0s87gblqtva4fyke0h [06:20:04] installing python3+requests in coolify-testing-host PY_OK [06:20:07] python3+requests ready [06:20:07] variant exploit attempt vuln-1 (marker=/tmp/coolify_variant_pwned_vuln_1) login_status=200 final_url=http://coolify:8080 dest_page_status=200 snapshot_found name=server.destinations livewire_update_status=200 effects redirect=None html_len=8474 comp_status=None RESPONSE_SNIPPET=General Advanced Sentinel Private Key CA Certificate Cloudflare Tunnel Docker Cleanup Destinations Log Drains Metrics Swarm (experimental) Danger Destinations { if (!value) { $wire.dispatch('modalClosed') } })" :class="{ 'z-40': modalOpen }" @keydown.window.escape="modalOpen=false" class="relative w-auto h-auto" wire:ignore> + Add { if(value) { $nextTick(() => { const firstInput = $el.querySelector('input, textarea, select'); firstInput?.focus(); }) } })" class="fixed top-0 left-0 z-99 flex item EXPLOIT_DONE [06:20:09] VULN variant attempt 1: MARKER PRESENT -> uid=0(root) gid=0(root) groups=0(root) [06:20:09] variant exploit attempt vuln-2 (marker=/tmp/coolify_variant_pwned_vuln_2) login_status=200 final_url=http://coolify:8080 dest_page_status=200 snapshot_found name=server.destinations livewire_update_status=200 effects redirect=None html_len=8918 comp_status=None RESPONSE_SNIPPET=General Advanced Sentinel Private Key CA Certificate Cloudflare Tunnel Docker Cleanup Destinations Log Drains Metrics Swarm (experimental) Danger Destinations { if (!value) { $wire.dispatch('modalClosed') } })" :class="{ 'z-40': modalOpen }" @keydown.window.escape="modalOpen=false" class="relative w-auto h-auto" wire:ignore> + Add { if(value) { $nextTick(() => { const firstInput = $el.querySelector('input, textarea, select'); firstInput?.focus(); }) } })" class="fixed top-0 left-0 z-99 flex item EXPLOIT_DONE [06:20:10] VULN variant attempt 2: MARKER PRESENT -> uid=0(root) gid=0(root) groups=0(root) [06:20:10] vulnerable variant summary: 2/2 attempts produced command execution [06:20:11] starting stack with ghcr.io/coollabsio/coolify:4.0.0-beta.471 [06:20:27] coolify healthy (attempt 2) [06:20:30] auto-seed/server present (attempt 2) [06:20:31] bootstrap ok SERVER_UUID=m11wmbmptw0119y48u4hpxwu [06:20:31] installing python3+requests in coolify-testing-host PY_OK [06:20:33] python3+requests ready [06:20:34] variant exploit attempt fixed-1 (marker=/tmp/coolify_variant_pwned_fixed_1) login_status=200 final_url=http://coolify:8080 dest_page_status=200 snapshot_found name=server.destinations livewire_update_status=500 non_json_resp:
500
500