PT-2026-54026 · Cap Go · Cap-Go
Judel777
·
Publicado
2026-06-30
·
Atualizado
2026-06-30
·
CVE-2026-56249
CVSS v3.1
7.6
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L |
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
Correção
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cap-Go