PT-2026-54024 · Cap Go · Cap-Go
Hunt-With-4Bh1
·
Published
2026-06-30
·
Updated
2026-06-30
·
CVE-2026-56233
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling access to internal administrative endpoints with the privileged BUILDER API KEY header and resulting in server-side privilege escalation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go