CVE-2026-56227

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these addresses with error responses disclosed to users.

Vulnerability Details

Published Date

June 20, 2026

Last Modified

June 20, 2026

CWE ID

CWE-918

Source

NVD

Vendor

Capgo

Product

Capgo

External References

https://github.com/Cap-go/capgo/security/advisories/GHSA-48hc-53hv-6x3f
https://www.vulncheck.com/advisories/capgo-server-side-request-forgery-via-webhook-url-validation

CVE-2026-56227

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment