Missing Row-Level Security Policy in Capgo Affects Build Requests
CVE-2026-56334

5.3MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56334?

In versions prior to 12.128.2, Capgo lacks an UPDATE row-level security policy for the build_requests table. This oversight allows unauthorized API-key and anonymous access to disrupt the persistence of builder status updates. Without proper security measures in place, attackers can exploit this vulnerability, resulting in build request entries remaining in a pending state, often with null last_error values. Consequently, users may experience disrupted build processes, as status updates and error diagnostics are not properly recorded.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.