CVE Catalog

CVE-2026-56236

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions.

Risk Assessment

Organizations may be exposed to data loss or the disclosure of sensitive information, potentially leading to serious legal and reputational consequences.

Recommendation

It is recommended to update Capgo CLI to version 12.128.2 or later and to implement additional symlink validation mechanisms in the build and login processes.

Original NVD description (English source)

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS