PT-2026-57548 · Cap Go · Cap-Go

Judel777

·

Publicado

2026-07-12

·

Atualizado

2026-07-12

·

CVE-2026-56241

CVSS v3.1

8.3

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super admin users retain access to delete non compliant bundles and count non compliant bundles RPCs due to stale org users.user right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56241

Produtos afetados

Cap-Go