CVE-2026-34594: Coolify authenticated command injection in Destination Network Management
CVE-2026-34594 is verified against the affected target vulnerability class: Command Injection This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00245.
pruva-verify REPRO-2026-00245 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00245/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh Authenticated command injection in Coolify Destination Network Management (CVE-2026-34594, GHSA-mf8p-rj62-9f9m). The 'network' parameter from user input is interpolated directly into shell commands (docker network disconnect / docker network rm) without escapeshellarg(), allowing a user with destination management permissions to execute arbitrary commands as root on the Coolify host.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.