CVE Catalog

CVE-2026-53867

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs.

Risk Assessment

The organization is at risk of unauthorized access to user-uploaded content, potentially leading to privacy breaches and data leaks.

Recommendation

It is recommended to upgrade to version 12.128.2 or later to ensure orphaned image files are deleted and minimize the risk of unauthorized access.

Original NVD description (English source)

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS