EXIF Metadata Exposure in Capgo Application by Capgo
CVE-2026-56298
5.3MEDIUM
What is CVE-2026-56298?
Capgo, prior to version 12.128.2, allows the upload of images through its app information endpoint without stripping the EXIF metadata. This oversight can lead to the unintentional exposure of sensitive geographic location data and other embedded information. Malicious actors may exploit this vulnerability by uploading crafted images, enabling them to access confidential metadata, thus posing a significant risk to user privacy and data security.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
