PT-2026-57548 · Cap Go · Cap-Go

Judel777

·

Published

2026-07-12

·

Updated

2026-07-12

·

CVE-2026-56241

CVSS v3.1

8.3

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super admin users retain access to delete non compliant bundles and count non compliant bundles RPCs due to stale org users.user right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56241

Affected Products

Cap-Go