PT-2026-51779 · Cap Go · Cap-Go
Judel777
·
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-56337
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist app v2 RPC function that allows unauthenticated attackers to enumerate app ids by calling POST /rest/v1/rpc/exist app v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go