PT-2026-54037 · Cap Go · Cap-Go
Judel777 · Published 2026-06-30 · Updated 2026-07-01
CVE-2026-56333
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
Authenticated organization administrators can bypass server-side validation within organization security settings to persist an invalid security policy state. This is achieved by directly updating the public.orgs table from the browser, which circumvents field-level validation checks for security-sensitive configuration parameters, such as max apikey expiration days.
Recommendations
Update to version 12.128.2 or later.
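The validation gap described above, as an added example that is not Capgo's code or its actual fix: a range check that lives only in the application layer is skipped by a direct table write, while the same rule as a database constraint holds on every write path. SQLite stands in for the project's database, and the column name, the bounds and the function names are hypothetical.

```python
import sqlite3

# Hypothetical bounds and column name; the advisory gives neither.
MIN_DAYS, MAX_DAYS = 1, 365

def direct_update(db, org_id, days):
    """Models a client writing the row itself, with no application-layer check."""
    db.execute("UPDATE orgs SET max_apikey_expiration_days = ? WHERE id = ?",
               (days, org_id))

def api_update(db, org_id, days):
    """Application-layer path: validate the field, then write."""
    if not isinstance(days, int) or not MIN_DAYS <= days <= MAX_DAYS:
        raise ValueError("max_apikey_expiration_days out of range")
    direct_update(db, org_id, days)

def make_db(enforce_in_db):
    """In-memory orgs table (constructed sample row), optionally with a CHECK."""
    check = (f"CHECK (max_apikey_expiration_days IS NULL OR "
             f"max_apikey_expiration_days BETWEEN {MIN_DAYS} AND {MAX_DAYS})"
             ) if enforce_in_db else ""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orgs (id INTEGER PRIMARY KEY, "
               f"max_apikey_expiration_days INTEGER {check})")
    db.execute("INSERT INTO orgs VALUES (1, 90)")
    return db

def stored(db):
    """Current policy value for the sample organization."""
    return db.execute(
        "SELECT max_apikey_expiration_days FROM orgs WHERE id = 1").fetchone()[0]

def try_direct(enforce_in_db, days):
    """Return (accepted, value stored afterwards) for a direct table write."""
    db = make_db(enforce_in_db)
    try:
        direct_update(db, 1, days)
        return True, stored(db)
    except sqlite3.IntegrityError:
        # The constraint rejected the write; the previous value is kept.
        return False, stored(db)

if __name__ == "__main__":
    print("validation in app only:", try_direct(False, -5))
    print("validation in database:", try_direct(True, -5))
```
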
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go