Privilege Escalation Vulnerability in Capgo Application by Capgo
CVE-2026-56247
8.7HIGH
What is CVE-2026-56247?
A vulnerability in Capgo allows organization administrators to assign organization-scoped Role-Based Access Control (RBAC) roles at the application scope without validating compatibility of the roles. This oversight includes granting roles to users who are yet to accept their invites. As a result, attackers can exploit this flaw to create high-privilege bindings that remain intact even after a low-privilege user accepts an invitation, enabling these users to execute unauthorized actions within the application.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
