Authorization Flaw in Capgo's Application Transfer Functionality
CVE-2026-56293

5.3MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-56293?

An authorization vulnerability has been identified in Capgo's transfer_app() function, which fails to correctly update the owner_org field in the deploy_history during application transfers between organizations. This issue allows attackers to maintain unauthorized access to deployment history records of the source organization and potentially deprive the destination organization of access to critical deployment information pertaining to transferred applications.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.