PT-2026-51144 · Cap Go · Cap-Go

Judel777 · Published 2026-06-20 · Updated 2026-06-20 · CVE-2026-56325

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Capgo versions prior to 12.128.2

Description

The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker can create applications with app id values that differ by only one character at the underscore positions, leading to unintended pattern matches. This can result in the disruption of preview functionality for legitimate applications or cause confusion regarding the app id.

Recommendations

Update to version 12.128.2 or later.
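
The lookup behaviour described above, as an added example that is not Capgo's code: it compares a pattern-match lookup with an exact-match lookup and with an escaped pattern. Assumptions: SQLite's `LIKE` (case-insensitive for ASCII) stands in for PostgreSQL `ILIKE`, and the table, columns, app ids and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table, columns and app ids are assumptions, not Capgo's schema.
APPS = [("com.demo.my_app", "legitimate"), ("com.demo.myXapp", "lookalike")]


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE apps (app_id TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO apps VALUES (?, ?)", APPS)
    return db


def owners(db, sql, value):
    # Run a single-parameter lookup and return the matching owners in a stable order.
    return [row[0] for row in db.execute(sql + " ORDER BY owner", (value,))]


def lookup_pattern(db, app_id):
    # Weak form: the app id is used as a LIKE pattern, so "_" matches any one character.
    return owners(db, "SELECT owner FROM apps WHERE app_id LIKE ?", app_id)


def lookup_exact(db, app_id):
    # Corrected form: plain equality, nothing in the value is treated as a wildcard.
    return owners(db, "SELECT owner FROM apps WHERE app_id = ?", app_id)


def escape_like(value, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def lookup_escaped(db, app_id):
    # Alternative when case-insensitive matching must stay: escape before matching.
    sql = "SELECT owner FROM apps WHERE app_id LIKE ? ESCAPE '\\'"
    return owners(db, sql, escape_like(app_id))


if __name__ == "__main__":
    db = open_db()
    for fn in (lookup_pattern, lookup_exact, lookup_escaped):
        print(fn.__name__, fn(db, "com.demo.my_app"))
```

A lookup that expects one row should also treat more than one result as an error rather than picking the first.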

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2026-56325

Affected Products

Cap-Go