Access Control Flaw in Cap's Video AI Metadata Endpoint
CVE-2026-59704

7.1HIGH

Key Information:

Vendor

Cap

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-59704?

The Cap software's /api/video/ai endpoint lacks proper user validation, allowing authenticated attackers to access sensitive AI-generated video metadata. This includes details like titles, summaries, and chapters of private videos without proper authorization. Such a flaw can lead to unauthorized usage of the video owner's credits as attackers can also initiate AI generation tasks by supplying arbitrary video IDs. This poses significant risks to content privacy and resource management for users.

Affected Version(s)

Cap 0 <= 8d48642

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen
.