Privilege Escalation Vulnerability in Capgo by Capgo
CVE-2026-56241
7.2HIGH
What is CVE-2026-56241?
Capgo versions prior to 12.128.2 are vulnerable to a privilege escalation issue whereby users with demoted super_admin roles can still access critical RPCs, including the ability to delete or count non-compliant bundles. This occurs because the 'user_right' column in the org_users table is not properly cleared when a user's role is demoted. As a result, an attacker can exploit this flaw to maintain unauthorized access and potentially manipulate data across the organization indefinitely.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
