PT-2026-57428 · Cap Go · Cap-Go

Judel777

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-56296

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2
Description An information disclosure issue exists in the public.transfer app RPC function. Unauthenticated attackers can enumerate valid app IDs by observing differences in error messages returned when calling the function using only the publishable API key, which reveals whether an app ID exists or not.
Recommendations Update Cap-go to version 12.128.2 or later.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56296
GHSA-FMM3-3QCG-85J6

Affected Products

Cap-Go