← voltar
CVE-2026-53867

Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

CVSS 5.3 MEDIUMEPSS 0.2%CWE-459
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Capgo · Capgo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Cap-go/capgo/security/advisories/GHSA-8p92-wcp2-c9j4https://www.vulncheck.com/advisories/capgo-orphaned-file-retention-via-profile-image-replacement