Authorization Bypass in Capgo Allows Channel Ownership Overwrite
CVE-2026-56249

7.2HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56249?

The Capgo platform is affected by an authorization bypass vulnerability in its channel creation functionality. This flaw allows authenticated users with the permission to create channels to overwrite existing channels by reusing their names. The vulnerability stems from a logic mismatch between the validation of channel existence and the upsert operations, resulting in the potential for attackers to reassign channel ownership and alter critical configurations. This could lead to significant disruption within production environments, making it essential for users to update to version 12.128.2 or later to mitigate the risk.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.