PT-2026-54037 · Cap Go · Cap-Go

Judel777

·

Published

2026-06-30

·

Updated

2026-07-01

·

CVE-2026-56333

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2
Description Authenticated organization administrators can bypass server-side validation within organization security settings to persist an invalid security policy state. This is achieved by directly updating the public.orgs table from the browser, which circumvents field-level validation checks for security-sensitive configuration parameters, such as max apikey expiration days.
Recommendations Update to version 12.128.2 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56333

Affected Products

Cap-Go