PT-2026-54038 · Cap Go · Cap-Go
Judel777
·
Published
2026-06-30
·
Updated
2026-07-01
·
CVE-2026-56334
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
Capgo lacks an UPDATE row-level security policy for the
build requests table. This missing policy prevents API-key and anonymous access from persisting builder status updates. An attacker can exploit this to ensure build status and error details are not saved, which results in build requests rows remaining in a pending state with null last error values.Recommendations
Update to version 12.128.2.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go