← volver
CVE-2026-53867

Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

CVSS 5.3 MEDIUMEPSS 0.2%CWE-459
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Capgo · Capgo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Cap-go/capgo/security/advisories/GHSA-8p92-wcp2-c9j4https://www.vulncheck.com/advisories/capgo-orphaned-file-retention-via-profile-image-replacement