Back to CVE List

CVE-2026-56222

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-639
Source
NVD
Vendor
Capgo
Product
Capgo

External References

Discussion (0)

Add Comment

No comments yet. Be the first!