Billing Authorization Bypass in Capgo by Capgo
CVE-2026-56240
5.3MEDIUM
What is CVE-2026-56240?
The Capgo software prior to version 12.128.12 is susceptible to a billing authorization bypass vulnerability. This flaw occurs within the plan_valid calculation, allowing attackers to exploit a discrepancy between the plugin's hot-path plan_valid expression and the main billing gate. Consequently, organizations with exhausted or expired usage credits can bypass necessary billing processes, allowing continuous access to critical endpoints such as /updates, /stats, /channel_self, and attachment uploads. This vulnerability poses significant risks as it enables unauthorized access to valuable system resources even after proper credit depletions.
Affected Version(s)
Capgo 0 < 12.128.12
Capgo 12.128.12
