CVE-2026-59704 in Capinfo

Summary

by MITRE • 07/08/2026

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

VulnCheck

Reservation

07/06/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!