CVE-2026-56309 in Capgoالمعلومات

الملخص

بحسب MITRE • 10/07/2026

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bundle metadata, and survive app deletion, enabling storage and bandwidth abuse.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

VulnCheck

حجز

20/06/2026

إفشاء

10/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377488

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!