PT-2026-51222 · Cap Go · Cap-Go
Highriderx · Published 2026-06-21 · Updated 2026-06-21
CVE-2026-56251
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
Capgo before 12.128.2 contains a broken row level security policy in the org users table that allows authenticated users to elevate privileges from admin to super admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super admin access and compromise system security.
Fix
Incorrect Privilege Assignment
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go