Back to CVE List

CVE-2026-56335

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Vulnerability Description

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive channel attributes such as public, allow_emulator, and security-related flags outside intended application routes.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-284
Source
NVD
Vendor
Capgo
Product
Capgo

External References

Discussion (0)

Add Comment

No comments yet. Be the first!