
capgo — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting capgo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

This page aggregates published vulnerabilities (CVEs), classified by Common Weakness Enumeration (CWE) identifier, that are associated with the Capgo vendor and its software products. It provides a centralized resource for security professionals to review reported weaknesses, assess impact, and understand the threat landscape specific to Capgo's ecosystem. The vulnerabilities collected here span various weakness classifications, including but not limited to cross-site scripting, injection flaws, and improper access control.

The data covers reported advisories from the earliest known records up to the present day, giving a comprehensive historical view of security issues affecting Capgo products. This time range allows analysts to identify trends, recurring patterns, and the evolution of security practices over time.

Users can track the vendor's advisories by monitoring updates to the listed vulnerabilities, understand a weakness class by examining how specific CWE identifiers manifest in Capgo's codebase, and look up a product's vulnerability history to assess long-term risk exposure. The page is structured for efficient search and filtering, so researchers can isolate specific weakness types or time periods. By consolidating this information, the page serves as a reference for patch prioritization and vulnerability management. The summary itself names no CVE identifiers; each entry in the list below links to an individual report for in-depth analysis. This keeps the overview readable without burying the reader in raw data, supporting informed decision-making in enterprise security operations.

Top products by capgo: Capgo cli
| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-56334 | Capgo - Missing UPDATE RLS Policy for Build Status Persistence | Capgo | CWE-284 | 4.3 | Medium | 2026-06-30 |
| CVE-2026-56331 | Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String | Capgo | CWE-209 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56333 | Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates | Capgo | CWE-20 | 4.3 | Medium | 2026-06-30 |
| CVE-2026-56328 | Capgo - Integrity Issue in Release Routing via Multiple Public Channels | Capgo | CWE-670 | 6.5 | Medium | 2026-06-30 |
| CVE-2026-56327 | Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC | Capgo | CWE-203 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56320 | Capgo - Org/App Scope Mismatch in Device Creation Endpoint | Capgo | CWE-285 | 7.1 | High | 2026-06-30 |
| CVE-2026-56318 | Capgo - Information Disclosure via /private/validate_password_compliance Endpoint | Capgo | CWE-200 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56300 | Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions | Capgo | CWE-200 | 7.5 | High | 2026-06-30 |
| CVE-2026-56286 | Capgo - Account Deletion Without Password Confirmation | Capgo | CWE-306 | 8.1 | High | 2026-06-30 |
| CVE-2026-56249 | Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision | Capgo | CWE-285 | 7.6 | High | 2026-06-30 |
| CVE-2026-56247 | Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment | Capgo | CWE-266 | 8.8 | High | 2026-06-30 |
| CVE-2026-56233 | Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy | Capgo | CWE-22 | 8.3 | High | 2026-06-30 |
| CVE-2026-56230 | Capgo - Broken Object Level Authorization via x-limited-key-id Header | Capgo | CWE-639 | 8.8 | High | 2026-06-30 |
| CVE-2026-56224 | Capgo - Login CSRF and Session Fixation via URL Query Parameters | Capgo | CWE-384 | 5.4 | Medium | 2026-06-30 |
| CVE-2026-56219 | Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass | Capgo | CWE-287 | 7.5 | High | 2026-06-30 |
| CVE-2026-56338 | Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint | Capgo | CWE-703 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56337 | Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2 | Capgo | CWE-200 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56302 | Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security | Capgo | CWE-284 | 6.5 | Medium | 2026-06-24 |
| CVE-2026-56257 | Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update | Capgo | CWE-284 | 7.1 | High | 2026-06-24 |
| CVE-2026-56256 | Capgo - Two-Factor Authentication Bypass via Organization Management API | Capgo | CWE-602 | 7.1 | High | 2026-06-24 |
| CVE-2026-56244 | Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key | Capgo | CWE-200 | 7.1 | High | 2026-06-24 |
| CVE-2026-56237 | Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation | Capgo | CWE-287 | 9.1 | Critical | 2026-06-24 |
| CVE-2026-56232 | Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header | Capgo | CWE-863 | 8.8 | High | 2026-06-24 |
| CVE-2026-56231 | Capgo - Broken Object Level Authorization in Build Job Control via jobId Parameter | Capgo | CWE-285 | 7.6 | High | 2026-06-24 |
| CVE-2026-56223 | Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user | Capgo | CWE-287 | 8.7 | High | 2026-06-24 |
| CVE-2026-56322 | Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter | Capgo | CWE-200 | 7.5 | High | 2026-06-23 |
| CVE-2026-56243 | Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane | Capgo | CWE-288 | 8.1 | High | 2026-06-23 |
| CVE-2026-56234 | Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint | Capgo | CWE-307 | 5.3 | Medium | 2026-06-23 |
| CVE-2026-56225 | Capgo - Authorization Bypass in API Key Management via App-Limited Keys | Capgo | CWE-269 | 8.3 | High | 2026-06-23 |
| CVE-2026-56222 | Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings | Capgo | CWE-639 | 7.2 | High | 2026-06-23 |

This page lists every published CVE security advisory associated with capgo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.