CVE-2026-56222— Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-56222
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings
Source: NVD (National Vulnerability Database)
Vulnerability Description
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-56222
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-56222
请登录查看更多情报信息。
News Coverage for CVE-2026-56222 (1)
Other References for CVE-2026-56222 (1)
Same Patch Batch · Capgo · 2026-06-23 · 5 CVEs total
| CVE-2026-56225 | 8.3 HIGH | Capgo - Authorization Bypass in API Key Management via App-Limited Keys |
| CVE-2026-56243 | 8.1 HIGH | Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane |
| CVE-2026-56322 | 7.5 HIGH | Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter |
| CVE-2026-56234 | 5.3 MEDIUM | Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint |
IV. Related Vulnerabilities
Same product: Capgo
- CVE-2026-56337
Capgo - Information Disclosure via Unauthenticated RPC Funct - CVE-2026-56338
Capgo - Denial of Service in 2FA Email Verification via /aut - CVE-2026-56310
Cap-go - Authorization Bypass in Organization Members Endpoi - CVE-2026-56302
Capgo - Unsecured Supabase Images Bucket via Missing Row Lev - CVE-2026-56257
Capgo - Authorization Bypass in App Ownership Transfer via D
Same vendor: Capgo
- CVE-2026-56337
Capgo - Information Disclosure via Unauthenticated RPC Funct - CVE-2026-56338
Capgo - Denial of Service in 2FA Email Verification via /aut - CVE-2026-56302
Capgo - Unsecured Supabase Images Bucket via Missing Row Lev - CVE-2026-56257
Capgo - Authorization Bypass in App Ownership Transfer via D - CVE-2026-56256
Capgo - Two-Factor Authentication Bypass via Organization Ma
Same weakness: CWE-639
- CVE-2026-12411
Broken Access Control in Canonical LXD DevLXD API - CVE-2026-57665
WordPress GravityView plugin <= 3.0.0 - Insecure Direct Obje - CVE-2026-57652
WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Obj - CVE-2026-57646
WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct - CVE-2026-57634
WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object Ref
V. Comments for CVE-2026-56222
No comments yet