Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-56239— Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage

CVSS 7.6 · High EPSS 0.20% · P10

Possible ATT&CK Techniques 2AI

T1500 T1136.001 · Local Account

Affected Version Matrix 2

VendorProductVersion RangeStatus
CapgoCapgo< 12.128.2affected
12.128.2unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-56239

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage
Source: NVD (National Vulnerability Database)
Vulnerability Description
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Because the function runs with the owner's privileges, it bypasses Row Level Security. If EXECUTE permission is available to the authenticated or anon roles (explicitly or via default privileges), an authenticated user could invoke it via Supabase RPC to manipulate billing data for arbitrary organizations, including unauthorized credit depletion and fraudulent overage event insertion.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Capgo 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Capgo是CAPGO公司的一个专为CapacitorJS开发者打造的移动应用开发和更新平台。 Capgo 12.128.2之前版本存在权限许可和访问控制问题漏洞,该漏洞源于public.apply_usage_overage SECURITY DEFINER函数在执行敏感计费操作时未执行内部授权检查,可能导致经过身份验证的用户通过Supabase RPC操纵任意组织的计费数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CapgoCapgo 0 ~ 12.128.2 -

II. Public POCs for CVE-2026-56239

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8821 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-56239

登录查看更多情报信息。

Vendor Advisories for CVE-2026-56239 (2)

Same Patch Batch · Capgo · 2026-06-21 · 7 CVEs total

CVE-2026-562427.5 HIGHCapgo - Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_ident
CVE-2026-562537.5 HIGHCapgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC
CVE-2026-562296.5 MEDIUMCapgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/
CVE-2026-562516.5 MEDIUMCapgo - Privilege Escalation via Broken Row Level Security in org_users
CVE-2026-562366.1 MEDIUMCapgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations
CVE-2026-562995.3 MEDIUMCapgo - Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint

IV. Related Vulnerabilities

V. Comments for CVE-2026-56239

No comments yet


Leave a comment