Authorization Flaw in Capgo's Application Transfer Functionality
CVE-2026-56293
5.3MEDIUM
What is CVE-2026-56293?
An authorization vulnerability has been identified in Capgo's transfer_app() function, which fails to correctly update the owner_org field in the deploy_history during application transfers between organizations. This issue allows attackers to maintain unauthorized access to deployment history records of the source organization and potentially deprive the destination organization of access to critical deployment information pertaining to transferred applications.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
