capgo — Vulnerabilities & Security Advisories (73)

All 73 CVE vulnerabilities found in capgo, with AI-generated Chinese analysis, references, and POCs.

The vulnerability aggregation page for Product capgo provides a comprehensive overview of known security weaknesses associated with this software vendor and its specific product line. This resource is designed to help security professionals, developers, and compliance officers monitor the security posture of capgo by centralizing vulnerability data from multiple authoritative sources. The page collects a wide variety of vulnerability types, including but not limited to remote code execution flaws, cross-site scripting issues, authentication bypasses, and privilege escalation vulnerabilities. It covers historical data spanning several years, allowing users to analyze trends and assess the long-term security maturity of the product. By visiting this page, you can track a vendor's advisories to stay updated on newly disclosed issues and patched vulnerabilities. You can also understand a weakness class by examining common patterns and attack vectors specific to capgo's architecture. Additionally, the page enables you to look up a product's vulnerability history to review past incidents, understand remediation efforts, and evaluate risk exposure over time. This consolidated view facilitates more efficient risk management and informed decision-making regarding software procurement, updates, and security audits. All information is presented in a structured format to ensure clarity and ease of use, supporting proactive security hygiene without requiring users to navigate multiple external databases or fragmented reports.

Vendor: Cap-go

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-56334 | Capgo - Missing UPDATE RLS Policy for Build Status Persistence | CWE-284 | 4.3 | Medium | 2026-06-30 |
| CVE-2026-56331 | Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String | CWE-209 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56333 | Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates | CWE-20 | 4.3 | Medium | 2026-06-30 |
| CVE-2026-56328 | Capgo - Integrity Issue in Release Routing via Multiple Public Channels | CWE-670 | 6.5 | Medium | 2026-06-30 |
| CVE-2026-56327 | Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC | CWE-203 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56320 | Capgo - Org/App Scope Mismatch in Device Creation Endpoint | CWE-285 | 7.1 | High | 2026-06-30 |
| CVE-2026-56318 | Capgo - Information Disclosure via /private/validate_password_compliance Endpoint | CWE-200 | 5.3 | Medium | 2026-06-30 |
| CVE-2026-56300 | Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions | CWE-200 | 7.5 | High | 2026-06-30 |
| CVE-2026-56286 | Capgo - Account Deletion Without Password Confirmation | CWE-306 | 8.1 | High | 2026-06-30 |
| CVE-2026-56249 | Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision | CWE-285 | 7.6 | High | 2026-06-30 |
| CVE-2026-56247 | Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment | CWE-266 | 8.8 | High | 2026-06-30 |
| CVE-2026-56230 | Capgo - Broken Object Level Authorization via x-limited-key-id Header | CWE-639 | 8.8 | High | 2026-06-30 |
| CVE-2026-56233 | Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy | CWE-22 | 8.3 | High | 2026-06-30 |
| CVE-2026-56224 | Capgo - Login CSRF and Session Fixation via URL Query Parameters | CWE-384 | 5.4 | Medium | 2026-06-30 |
| CVE-2026-56219 | Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass | CWE-287 | 7.5 | High | 2026-06-30 |
| CVE-2026-56338 | Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint | CWE-703 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56337 | Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2 | CWE-200 | 5.3 | Medium | 2026-06-24 |
| CVE-2026-56310 | Cap-go - Authorization Bypass in Organization Members Endpoint via API Key Scope Bypass | CWE-285 | 4.3 | Medium | 2026-06-24 |
| CVE-2026-56302 | Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security | CWE-284 | 6.5 | Medium | 2026-06-24 |
| CVE-2026-56257 | Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update | CWE-284 | 7.1 | High | 2026-06-24 |
| CVE-2026-56256 | Capgo - Two-Factor Authentication Bypass via Organization Management API | CWE-602 | 7.1 | High | 2026-06-24 |
| CVE-2026-56245 | Supabase Capgo - Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC | CWE-269 | 8.2 | High | 2026-06-24 |
| CVE-2026-56244 | Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key | CWE-200 | 7.1 | High | 2026-06-24 |
| CVE-2026-56237 | Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation | CWE-287 | 9.1 | Critical | 2026-06-24 |
| CVE-2026-56231 | Capgo - Broken Object Level Authorization in Build Job Control via jobId Parameter | CWE-285 | 7.6 | High | 2026-06-24 |
| CVE-2026-56232 | Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header | CWE-863 | 8.8 | High | 2026-06-24 |
| CVE-2026-56223 | Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user | CWE-287 | 8.7 | High | 2026-06-24 |
| CVE-2026-56322 | Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter | CWE-200 | 7.5 | High | 2026-06-23 |
| CVE-2026-56248 | Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy | CWE-400 | 7.5 | High | 2026-06-23 |
| CVE-2026-56243 | Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane | CWE-288 | 8.1 | High | 2026-06-23 |
