PT-2026-51412 · Cap Go · Cap-Go
Judel777
·
Published
2026-06-22
·
Updated
2026-06-22
·
CVE-2026-56324
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device id parameter. Attackers can send multiple requests per second by changing device id values to flood the channel devices table and cause database exhaustion.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go