PT-2026-51777 · Cap Go · Cap-Go

Wcaleniewolny

Published

2026-06-24

Updated

2026-06-24

CVE-2026-56302

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2026-56302

Affected Products

Cap-Go

PT-2026-51777 · Cap Go · Cap-Go

CVE-2026-56302

Weakness Enumeration

Related Identifiers

Affected Products

References · 3