PT-2026-51152 · Cap Go · Cap-Go
Judel777 · Published 2026-06-20 · Updated 2026-06-20
CVE-2026-56282
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
An information disclosure issue exists in the unauthenticated '/replication' endpoint. Attackers can retrieve internal PostgreSQL replication telemetry without authentication, exposing sensitive infrastructure details such as replication slot names, confirmed flush LSN and restart LSN values, and database error messages, all of which are useful for reconnaissance.
Recommendations
Update to version 12.128.2 or later.
As a temporary workaround, restrict access to the '/replication' endpoint to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Cap-Go