← volver
CVE-2026-56249

Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision

CVSS 7.2 HIGHCWE-285
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
30 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Productos afectados
Capgo · Capgo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →