← voltar
CVE-2026-56324

Capgo - Rate Limit Bypass via User-Controlled device_id Parameter

CVSS 8.8 HIGHEPSS 0.3%CWE-770
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. Attackers can send multiple requests per second by changing device_id values to flood the channel_devices table and cause database exhaustion.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Capgo · Capgo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Cap-go/capgo/security/advisories/GHSA-77p2-9rcr-5w27https://www.vulncheck.com/advisories/capgo-rate-limit-bypass-via-user-controlled-device-id-parameter