Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator (!==) to validate the webhook secret token. This implementation is vulnerable to timing attacks, which could allow an attacker to gradually discover the secret token by measuring response time differences. This vulnerability is fixed in 4.0.0-beta.461.
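The following is an added example, not code from Coolify or from the advisory: it contrasts the `!==` pattern described above with a constant-time check built on PHP's `hash_equals()`. The function names and sample values are hypothetical; `X-Gitlab-Token` is the header GitLab uses to send a webhook's secret token.

```php
<?php
declare(strict_types=1);

// Added illustration, not Coolify's code. All names and values are hypothetical.

// Vulnerable pattern: `!==` on strings may return as soon as a byte differs,
// so response time can correlate with how much of the token matched.
function tokenMatchesInsecure(string $secret, string $provided): bool
{
    if ($provided !== $secret) {
        return false;
    }
    return true;
}

// Hardened pattern: fail closed, then compare in constant time.
function tokenMatchesHardened(?string $secret, ?string $provided): bool
{
    // An unset or empty secret must never authenticate a request.
    if ($secret === null || $secret === '' || $provided === null) {
        return false;
    }
    // hash_equals() returns early when lengths differ, so compare
    // fixed-length HMACs under a one-time key instead of the raw values.
    $key = random_bytes(32);
    return hash_equals(
        hash_hmac('sha256', $secret, $key),
        hash_hmac('sha256', $provided, $key)
    );
}

// Constructed sample data: a stored secret and three incoming header sets.
$secret = 'constructed-example-secret';
$requests = [
    'correct token' => ['X-Gitlab-Token' => 'constructed-example-secret'],
    'wrong token'   => ['X-Gitlab-Token' => 'constructed-example-secreX'],
    'no header'     => [],
];
foreach ($requests as $label => $headers) {
    $ok = tokenMatchesHardened($secret, $headers['X-Gitlab-Token'] ?? null);
    printf("%-13s => %s\n", $label, $ok ? 'accept' : 'reject (403)');
}
```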
References
Configurations
No configuration.
History
30 Jun 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | | https://github.com/coollabsio/coolify/security/advisories/GHSA-x525-46rq-mr8c |
30 Jun 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-30 15:16
Updated : 2026-06-30 19:58
NVD link : CVE-2026-27882
Mitre link : CVE-2026-27882
CVE.ORG link : CVE-2026-27882
Products Affected
No product.
CWE
CWE-208
Observable Timing Discrepancy
