CVE Catalog

CVE-2026-56251

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access.

Risk Assessment

The organization is at risk of unauthorized access to critical system functions, potentially leading to serious security breaches.

Recommendation

It is recommended to update Capgo to version 12.128.2 or later to fix this security vulnerability.

Original NVD description (English source)

Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS