PT-2026-57427 · Cap Go · Cap-Go
Judel777
·
Publicado
2026-07-11
·
Atualizado
2026-07-11
·
CVE-2026-56240
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel self, and attachment upload endpoints after credit depletion.
Correção
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cap-Go