PT-2026-57548 · Cap Go · Cap-Go
Judel777
·
Publicado
2026-07-12
·
Atualizado
2026-07-12
·
CVE-2026-56241
CVSS v3.1
8.3
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super admin users retain access to delete non compliant bundles and count non compliant bundles RPCs due to stale org users.user right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.
Correção
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cap-Go