PT-2026-57428 · Cap Go · Cap-Go
Judel777
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-56296
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Cap-go versions prior to 12.128.2
Description
An information disclosure issue exists in the
public.transfer app RPC function. Unauthenticated attackers can enumerate valid app IDs by observing differences in error messages returned when calling the function using only the publishable API key, which reveals whether an app ID exists or not.Recommendations
Update Cap-go to version 12.128.2 or later.
Exploit
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go