Cross-Tenant Preview Namespace Collision in Capgo Product
CVE-2026-56329

5.3MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56329?

Capgo versions before 12.128.2 exhibit a cross-tenant preview namespace collision vulnerability due to the non-bijective decoding of double underscores to dots during the parsing of preview hostnames. This flaw allows attackers to create app IDs containing underscores that collide with legitimate dotted app IDs of other tenants. As a result, this misrouting impairs access to preview functionality for affected applications, leading to potential denial of service for users.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.