CVE-2026-56303 in Capgoinfo

Zusammenfassung

von MITRE • 11.07.2026

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid key value.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

VulnCheck

Reservieren

20.06.2026

Veröffentlichung

11.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377810

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!