Billing Authorization Bypass in Capgo by Capgo
CVE-2026-56240

5.3MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-56240?

The Capgo software prior to version 12.128.12 is susceptible to a billing authorization bypass vulnerability. This flaw occurs within the plan_valid calculation, allowing attackers to exploit a discrepancy between the plugin's hot-path plan_valid expression and the main billing gate. Consequently, organizations with exhausted or expired usage credits can bypass necessary billing processes, allowing continuous access to critical endpoints such as /updates, /stats, /channel_self, and attachment uploads. This vulnerability poses significant risks as it enables unauthorized access to valuable system resources even after proper credit depletions.

Affected Version(s)

Capgo 0 < 12.128.12

Capgo 12.128.12

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.