A vulnerability marked as critical has been reported in coollabsio coolify up to 4.0.0-beta.473 . This impacts the function Server::whereTeamId($teamId of the component UI . The manipulation of the argument teamId leads to authorization bypass. This vulnerability is referenced as CVE-2026-57498 . Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.