CVE-2026-56306— Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-56306
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing
Source: NVD (National Vulnerability Database)
Vulnerability Description
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header to disable limited key scoping and execute requests using the main API key context instead of restricted subkey permissions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-56306
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-56306
请登录查看更多情报信息。
Other References for CVE-2026-56306 (1)
Other References for CVE-2026-56306 (1)
Same Patch Batch · Capgo · 2026-06-22 · 7 CVEs total
| CVE-2026-56324 | 8.2 HIGH | Capgo - Rate Limit Bypass via User-Controlled device_id Parameter |
| CVE-2026-56323 | 7.5 HIGH | Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self |
| CVE-2026-56314 | 7.1 HIGH | Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint |
| CVE-2026-56311 | 5.3 MEDIUM | Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC |
| CVE-2026-56321 | 5.3 MEDIUM | Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint |
| CVE-2026-56255 | 4.3 MEDIUM | Capgo - Denial of Service via Unlimited Demo App Creation |
IV. Related Vulnerabilities
Same product: Capgo
- CVE-2026-56337
Capgo - Information Disclosure via Unauthenticated RPC Funct - CVE-2026-56338
Capgo - Denial of Service in 2FA Email Verification via /aut - CVE-2026-56310
Cap-go - Authorization Bypass in Organization Members Endpoi - CVE-2026-56302
Capgo - Unsecured Supabase Images Bucket via Missing Row Lev - CVE-2026-56257
Capgo - Authorization Bypass in App Ownership Transfer via D
Same vendor: Capgo
- CVE-2026-56337
Capgo - Information Disclosure via Unauthenticated RPC Funct - CVE-2026-56338
Capgo - Denial of Service in 2FA Email Verification via /aut - CVE-2026-56302
Capgo - Unsecured Supabase Images Bucket via Missing Row Lev - CVE-2026-56257
Capgo - Authorization Bypass in App Ownership Transfer via D - CVE-2026-56256
Capgo - Two-Factor Authentication Bypass via Organization Ma
Same weakness: CWE-20
- CVE-2026-13434
Virt-controller-rhel9: kubevirt: kubevirt: multus default-ne - CVE-2026-52801
Gogs: Ability to import local repositories via Mirror Settin - CVE-2025-64719
Gogs: Denial of Service in repository/wiki file listing web - CVE-2026-13024
Chrome <149.0.7827.197 导航输入验证不足致站点隔离绕过 - CVE-2026-13025
Chrome<149.0.7827.197 DevTools竞态条件致沙箱逃逸
V. Comments for CVE-2026-56306
No comments yet