Authorization Bypass Vulnerability in Capgo Product by Capgo
CVE-2026-56335

7.1HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56335?

The Capgo product prior to version 12.128.2 contains an authorization bypass vulnerability that allows attackers to exploit write-scoped API keys. Through the exploitation of a null authentication check in the immutability trigger, attackers can manipulate protected channel settings directly via PostgREST. This vulnerability enables unauthorized modifications to sensitive attributes, including public access, emulator permissions, and critical security flags, outside of standard application routes, thus compromising the integrity and security of the affected system.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.