PT-2026-54024 · Cap Go · Cap-Go

Hunt-With-4Bh1 · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-56233

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling access to internal administrative endpoints with the privileged BUILDER API KEY header and resulting in server-side privilege escalation.
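
The normalization described above can be reproduced with Node's built-in WHATWG `URL` class. This is an added example, not Capgo code: the origin, the `/upload/` prefix, the `/internal/placeholder` path and both function names are hypothetical. It contrasts a prefix check made on the raw string with one made on the normalized path.

```javascript
// Added illustration; origin, prefix and paths are hypothetical placeholders.
const BUILDER_ORIGIN = 'http://builder.internal.example';
const UPLOAD_PREFIX = '/upload/';

// Flawed pattern: the prefix is checked on the raw string, but the URL
// parser collapses dot segments afterwards, so the check proves nothing.
function naiveTarget(userPath) {
  const raw = UPLOAD_PREFIX + userPath;
  if (!raw.startsWith(UPLOAD_PREFIX)) return null;
  return new URL(raw, BUILDER_ORIGIN).pathname;
}

// Hardened pattern: parse first, then authorize the normalized result.
function safeTarget(userPath) {
  let url;
  try {
    url = new URL(UPLOAD_PREFIX + userPath, BUILDER_ORIGIN);
  } catch {
    return null; // unparseable input is rejected
  }
  if (url.origin !== BUILDER_ORIGIN) return null;
  if (!url.pathname.startsWith(UPLOAD_PREFIX)) return null;
  return url.pathname;
}

// Constructed sample inputs: plain, dot-segment, percent-encoded, backslash.
const samples = ['app.zip', 'app.zip/../../internal/placeholder',
                 '%2E%2e/internal/placeholder', '..\\internal\\placeholder'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', naiveTarget(s), '|', safeTarget(s));
}
```

The parser treats `..`, `%2e%2e` in any letter case, and backslash-separated segments identically for `http` URLs, so the authorization decision has to be made on `pathname` after parsing.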

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-56233

Affected Products

Cap-Go