Rate Limit Bypass Vulnerability in Capgo by Capgo Inc.
CVE-2026-56324

8.8HIGH

Key Information:

Vendor: Capgo
Status: Capgo
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-56324?

Capgo versions before 12.128.2 are affected by a significant vulnerability that exists in the channel_self endpoint. This issue allows attackers to bypass the implemented rate limiting measures by manipulating the user-controlled device_id parameter. By rotating this parameter, an attacker can send multiple requests every second, which can overwhelm the channel_devices table and lead to database exhaustion. It is crucial for users to apply updates to prevent exploitation of this vulnerability.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

https://github.com/Cap-go/capgo/security/advisories/GHSA-...

vendor-advisory

https://www.vulncheck.com/advisories/capgo-rate-limit-byp...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 20, 2026

Credit

Judel777

CVE-2026-56324 Data

JSON