CVE Catalog

CVE-2026-56249

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

An authorization bypass vulnerability in Capgo before version 12.128.2 allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations.

Risk Assessment

Attackers can reassign channel ownership and modify critical production channel configurations, leading to unauthorized access and potential service disruption.

Recommendation

Upgrade Capgo to version 12.128.2 or later immediately to remediate the authorization bypass vulnerability.

Original NVD description (English source)

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS