Back to CVE List

CVE-2026-56218

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
Capgo
Product
Capgo

External References

Discussion (0)

Add Comment

No comments yet. Be the first!