SQL Injection Vulnerability in Capgo by Capgo
CVE-2026-56281

5.1MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-56281?

A SQL injection vulnerability exists in Capgo due to improper validation of the limit parameter in the POST /private/admin_stats endpoint. This flaw allows an attacker with administrative privileges to manipulate SQL queries sent to the Cloudflare Analytics Engine. By injecting SQL fragments, the attacker could potentially enumerate dataset schemas, extract sensitive analytics data, or disrupt the analytics backend, leading to denial-of-service conditions. It is critical to address this issue to safeguard your application against unauthorized data access and ensure system stability.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

offset
.