Unauthenticated API Vulnerability in Capgo Software
CVE-2026-56300

8.7HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56300?

Capgo software versions prior to 12.128.2 are affected by a significant vulnerability that permits unauthenticated attackers to exploit security context functions. These include the get_user_id and get_org_perm_for_apikey RPC functions, which can leak API key validity and user UUID information. Attackers utilizing public API keys are able to exploit this flaw to validate exposed keys, enumerate users, and ascertain permission levels, thereby enhancing their ability to act on compromised credentials.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.