PT-2026-57548 · Cap Go · Cap-Go
Judel777
·
Published
2026-07-12
·
Updated
2026-07-12
·
CVE-2026-56241
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super admin users retain access to delete non compliant bundles and count non compliant bundles RPCs due to stale org users.user right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go