Information Disclosure Vulnerability in Cap-go by Cap-go
CVE-2026-56296
6.9MEDIUM
What is CVE-2026-56296?
Cap-go prior to version 12.128.2 suffers from an information disclosure vulnerability within the public.transfer_app RPC function. This flaw allows unauthenticated attackers to exploit differences in error messages returned for existing versus non-existing app IDs. By manipulating requests using only the publishable API key, attackers can enumerate valid app IDs, which can lead to further targeted attacks. It is essential for users of affected versions to update to the latest version to mitigate potential risks.
Affected Version(s)
capgo 0 < 12.128.2
capgo 12.128.2
