CVE-2026-53867

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

Vulnerability Details

Published Date

June 12, 2026

Last Modified

June 12, 2026

CWE ID

CWE-459

Source

NVD

Vendor

Cap-go

Product

capgo

External References

https://github.com/Cap-go/capgo/security/advisories/GHSA-8p92-wcp2-c9j4
https://www.vulncheck.com/advisories/capgo-orphaned-file-retention-via-profile-image-replacement

CVE-2026-53867

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment