PT-2026-57427 · Cap Go · Cap-Go
Judel777
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-56240
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel self, and attachment upload endpoints after credit depletion.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go