CVE-2026-59704 in Capinformazioni

Riassunto

di MITRE • 08/07/2026

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

VulnCheck

Prenotare

06/07/2026

Divulgazione

08/07/2026

Moderazione

accettato

CPE

pronto

EPSS

0.00000

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!