SQL Injection Vulnerability in Capgo by Capgo
CVE-2026-56281
5.1MEDIUM
What is CVE-2026-56281?
A SQL injection vulnerability exists in Capgo due to improper validation of the limit parameter in the POST /private/admin_stats endpoint. This flaw allows an attacker with administrative privileges to manipulate SQL queries sent to the Cloudflare Analytics Engine. By injecting SQL fragments, the attacker could potentially enumerate dataset schemas, extract sensitive analytics data, or disrupt the analytics backend, leading to denial-of-service conditions. It is critical to address this issue to safeguard your application against unauthorized data access and ensure system stability.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
