EXIF Metadata Exposure in Capgo Application by Capgo
CVE-2026-56298

5.3MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-56298?

Capgo, prior to version 12.128.2, allows the upload of images through its app information endpoint without stripping the EXIF metadata. This oversight can lead to the unintentional exposure of sensitive geographic location data and other embedded information. Malicious actors may exploit this vulnerability by uploading crafted images, enabling them to access confidential metadata, thus posing a significant risk to user privacy and data security.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.