PT-2026-54026 · Cap Go · Cap-Go

Judel777

·

Publicado

2026-06-30

·

Atualizado

2026-06-30

·

CVE-2026-56249

CVSS v3.1

7.6

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56249

Produtos afetados

Cap-Go