
Capgo — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting Capgo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

This page aggregates vulnerabilities, classified by Common Weakness Enumeration (CWE) identifier, that are associated with the Capgo vendor and its software products. It provides a centralized resource for security professionals to review reported weaknesses, assess impact, and understand the threat landscape specific to Capgo’s ecosystem. The vulnerabilities collected on this page span various weakness classifications, including but not limited to cross-site scripting, injection flaws, and improper access control mechanisms.

The data covers reported incidents and advisories from the earliest known records up to the present day, giving a comprehensive historical view of security issues affecting Capgo products. This time range allows analysts to identify trends, recurring patterns, and the evolution of security practices over time.

Here, users can track a vendor's advisories by monitoring updates to the listed vulnerabilities, understand a weakness class by examining how specific CWE identifiers manifest in Capgo’s codebase, and look up a product's vulnerability history to assess long-term risk exposure. The page is structured to facilitate efficient search and filtering, enabling researchers to isolate specific weakness types or time periods. By consolidating this information, the page serves as a reference for patch prioritization and vulnerability management strategies.

No specific CVE identifiers are listed in the summary, but the detailed entries link to individual reports for in-depth analysis. This approach gives readers a clear overview of the security posture without overwhelming them with raw data, supporting informed decision-making in enterprise security operations.

Top products by Capgo: Capgo cli
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-56338 | Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint | Capgo | CWE-703 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56337 | Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2 | Capgo | CWE-200 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56302 | Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security | Capgo | CWE-284 | 6.5 | Medium | 2026-06-24 |
| CVE-2026-56257 | Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update | Capgo | CWE-284 | 7.1 | High | 2026-06-24 |
| CVE-2026-56256 | Capgo - Two-Factor Authentication Bypass via Organization Management API | Capgo | CWE-602 | 7.1 | High | 2026-06-24 |
| CVE-2026-56244 | Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key | Capgo | CWE-200 | 7.1 | High | 2026-06-24 |
| CVE-2026-56237 | Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation | Capgo | CWE-287 | 9.1 | Critical | 2026-06-24 |
| CVE-2026-56231 | Capgo - Broken Object Level Authorization in Build Job Control via jobId Parameter | Capgo | CWE-285 | 7.6 | High | 2026-06-24 |
| CVE-2026-56232 | Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header | Capgo | CWE-863 | 8.8 | High | 2026-06-24 |
| CVE-2026-56223 | Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user | Capgo | CWE-287 | 8.7 | High | 2026-06-24 |
| CVE-2026-56322 | Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter | Capgo | CWE-200 | 7.5 | High | 2026-06-23 |
| CVE-2026-56243 | Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane | Capgo | CWE-288 | 8.1 | High | 2026-06-23 |
| CVE-2026-56234 | Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint | Capgo | CWE-307 | 5.3 | Medium | 2026-06-23 |
| CVE-2026-56225 | Capgo - Authorization Bypass in API Key Management via App-Limited Keys | Capgo | CWE-269 | 8.3 | High | 2026-06-23 |
| CVE-2026-56222 | Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings | Capgo | CWE-639 | 7.2 | High | 2026-06-23 |
| CVE-2026-56324 | Capgo - Rate Limit Bypass via User-Controlled device_id Parameter | Capgo | CWE-770 | 8.2 | High | 2026-06-22 |
| CVE-2026-56323 | Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self | Capgo | CWE-200 | 7.5 | High | 2026-06-22 |
| CVE-2026-56321 | Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint | Capgo | CWE-306 | 5.3 | Medium | 2026-06-22 |
| CVE-2026-56311 | Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC | Capgo | CWE-285 | 5.3 | Medium | 2026-06-22 |
| CVE-2026-56314 | Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint | Capgo | CWE-672 | 7.1 | High | 2026-06-22 |
| CVE-2026-56306 | Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing | Capgo | CWE-20 | 6.4 | Medium | 2026-06-22 |
| CVE-2026-56255 | Capgo - Denial of Service via Unlimited Demo App Creation | Capgo | CWE-770 | 4.3 | Medium | 2026-06-22 |
| CVE-2026-56299 | Capgo - Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint | Capgo | CWE-306 | 5.3 | Medium | 2026-06-21 |
| CVE-2026-56253 | Capgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC | Capgo | CWE-284 | 7.5 | High | 2026-06-21 |
| CVE-2026-56242 | Capgo - Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC | Capgo | CWE-200 | 7.5 | High | 2026-06-21 |
| CVE-2026-56251 | Capgo - Privilege Escalation via Broken Row Level Security in org_users | Capgo | CWE-266 | 6.5 | Medium | 2026-06-21 |
| CVE-2026-56239 | Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage | Capgo | CWE-269 | 7.6 | High | 2026-06-21 |
| CVE-2026-56236 | Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations | cli | CWE-59 | 6.1 | Medium | 2026-06-21 |
| CVE-2026-56229 | Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs | Capgo | CWE-639 | 6.5 | Medium | 2026-06-21 |
| CVE-2026-56332 | Capgo - Open Redirect via confirmation_url Parameter | Capgo | CWE-601 | 4.7 | Medium | 2026-06-20 |

This page lists every published CVE security advisory associated with Capgo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.