PT-2026-51146 · Cap Go · Cap-Go
Penetest
+1
·
Published
2026-06-20
·
Updated
2026-06-20
·
CVE-2026-56218
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise latitude and longitude coordinates to reveal the physical location of the user at the time the image was captured.
Recommendations
Update to version 12.128.2 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go