PT-2026-54026 · Cap Go · Cap-Go

Judel777

·

Published

2026-06-30

·

Updated

2026-06-30

·

CVE-2026-56249

CVSS v3.1

7.6

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56249

Affected Products

Cap-Go