CVE Catalog

CVE-2026-56302

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

Capgo before version 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons.

Risk Assessment

Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs, potentially leading to serious privacy breaches.

Recommendation

It is recommended to upgrade to version 12.128.2 or later and implement appropriate row level security controls for images buckets.

Original NVD description (English source)

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS