CVE-2026-56249
Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
30 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Produtos afetados
Capgo · CapgoQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →