PT-2026-57427 · Cap Go · Cap-Go

Judel777

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-56240

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel self, and attachment upload endpoints after credit depletion.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56240

Affected Products

Cap-Go