Access Control Flaw in Cap's Video AI Metadata Endpoint
CVE-2026-59704
7.1HIGH
What is CVE-2026-59704?
The Cap software's /api/video/ai endpoint lacks proper user validation, allowing authenticated attackers to access sensitive AI-generated video metadata. This includes details like titles, summaries, and chapters of private videos without proper authorization. Such a flaw can lead to unauthorized usage of the video owner's credits as attackers can also initiate AI generation tasks by supplying arbitrary video IDs. This poses significant risks to content privacy and resource management for users.
Affected Version(s)
Cap 0 <= 8d48642
