Cross-Tenant Preview Namespace Collision in Capgo Product
CVE-2026-56329
5.3MEDIUM
What is CVE-2026-56329?
Capgo versions before 12.128.2 exhibit a cross-tenant preview namespace collision vulnerability due to the non-bijective decoding of double underscores to dots during the parsing of preview hostnames. This flaw allows attackers to create app IDs containing underscores that collide with legitimate dotted app IDs of other tenants. As a result, this misrouting impairs access to preview functionality for affected applications, leading to potential denial of service for users.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
