CVE-2026-56324

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device id parameter. Attackers can send multiple requests per second by changing device id values to flood the channel devices table and cause database exhaustion.