Authorization Bypass Vulnerability in Capgo Product by Capgo
CVE-2026-56335
7.1HIGH
What is CVE-2026-56335?
The Capgo product prior to version 12.128.2 contains an authorization bypass vulnerability that allows attackers to exploit write-scoped API keys. Through the exploitation of a null authentication check in the immutability trigger, attackers can manipulate protected channel settings directly via PostgREST. This vulnerability enables unauthorized modifications to sensitive attributes, including public access, emulator permissions, and critical security flags, outside of standard application routes, thus compromising the integrity and security of the affected system.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
