PT-2026-57427 · Cap Go · Cap-Go

Judel777

·

Publicado

2026-07-11

·

Atualizado

2026-07-11

·

CVE-2026-56240

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel self, and attachment upload endpoints after credit depletion.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56240

Produtos afetados

Cap-Go