Authorization Bypass in Capgo Allows Channel Ownership Overwrite
CVE-2026-56249
7.2HIGH
What is CVE-2026-56249?
The Capgo platform is affected by an authorization bypass vulnerability in its channel creation functionality. This flaw allows authenticated users with the permission to create channels to overwrite existing channels by reusing their names. The vulnerability stems from a logic mismatch between the validation of channel existence and the upsert operations, resulting in the potential for attackers to reassign channel ownership and alter critical configurations. This could lead to significant disruption within production environments, making it essential for users to update to version 12.128.2 or later to mitigate the risk.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
