Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Capgo — Vulnerabilities & Security Advisories 68

Browse all 68 CVE security advisories affecting Capgo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

This page aggregates Common Weakness Enumeration (CWE) vulnerabilities associated with the Capgo vendor and its software products. It provides a centralized resource for security professionals to review reported weaknesses, assess impact, and understand the threat landscape specific to Capgo’s ecosystem. The vulnerabilities collected on this page span various weakness classifications, including but not limited to cross-site scripting, injection flaws, and improper access control mechanisms. The data covers reported incidents and advisories from the earliest known records up to the present day, ensuring a comprehensive historical view of security issues affecting Capgo products. This time range allows analysts to identify trends, recurring patterns, and the evolution of security practices over time. Here, users can track a vendor's advisories by monitoring updates to the listed vulnerabilities, understand a weakness class by examining how specific CWE identifiers manifest in Capgo’s codebase, and look up a product's vulnerability history to assess long-term risk exposure. The page is structured to facilitate efficient search and filtering, enabling researchers to isolate specific weakness types or time periods. By consolidating this information, the page serves as a reference for patch prioritization and vulnerability management strategies. No specific CVE identifiers are listed in the summary, but detailed entries link to individual reports for in-depth analysis. This approach ensures that readers gain a clear overview of the security posture without being overwhelmed by raw data, supporting informed decision-making in enterprise security operations.

Top products by Capgo: Capgo cli
CVE IDTitleCVSSSeverityPublished
CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload — CapgoCWE-200 4.3 Medium2026-07-08
CVE-2026-56293 Capgo - Stale Cross-Organization Authorization via Incomplete deploy_history Update in transfer_app() — CapgoCWE-285 5.4 Medium2026-07-08
CVE-2026-56283 Capgo - HTML Injection Leading to Open Redirection in Organization Settings — CapgoCWE-79 5.4 Medium2026-07-08
CVE-2026-56250 Capgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versions — CapgoCWE-862 7.5 High2026-07-08
CVE-2026-56246 Capgo - Cross-Organization Authorization Bypass via Scoped API Key Privilege Inheritance — CapgoCWE-285 8.1 High2026-07-08
CVE-2026-56220 Capgo - Unauthorized Manifest Insertion via Read-Only Org Member — CapgoCWE-863 6.5 Medium2026-07-08
CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update — CapgoCWE-284 4.3 Medium2026-07-08
CVE-2026-56334 Capgo - Missing UPDATE RLS Policy for Build Status Persistence — CapgoCWE-284 4.3 Medium2026-06-30
CVE-2026-56333 Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates — CapgoCWE-20 4.3 Medium2026-06-30
CVE-2026-56331 Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String — CapgoCWE-209 5.3 Medium2026-06-30
CVE-2026-56328 Capgo - Integrity Issue in Release Routing via Multiple Public Channels — CapgoCWE-670 6.5 Medium2026-06-30
CVE-2026-56327 Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC — CapgoCWE-203 5.3 Medium2026-06-30
CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint — CapgoCWE-285 7.1 High2026-06-30
CVE-2026-56318 Capgo - Information Disclosure via /private/validate_password_compliance Endpoint — CapgoCWE-200 5.3 Medium2026-06-30
CVE-2026-56286 Capgo - Account Deletion Without Password Confirmation — CapgoCWE-306 8.1 High2026-06-30
CVE-2026-56300 Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions — CapgoCWE-200 7.5 High2026-06-30
CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision — CapgoCWE-285 7.6 High2026-06-30
CVE-2026-56247 Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment — CapgoCWE-266 8.8 High2026-06-30
CVE-2026-56230 Capgo - Broken Object Level Authorization via x-limited-key-id Header — CapgoCWE-639 8.8 High2026-06-30
CVE-2026-56233 Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy — CapgoCWE-22 8.3 High2026-06-30
CVE-2026-56224 Capgo - Login CSRF and Session Fixation via URL Query Parameters — CapgoCWE-384 5.4 Medium2026-06-30
CVE-2026-56219 Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass — CapgoCWE-287 7.5 High2026-06-30
CVE-2026-56337 Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2 — CapgoCWE-200 5.3 Medium2026-06-24
CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint — CapgoCWE-703 5.3 Medium2026-06-24
CVE-2026-56302 Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security — CapgoCWE-284 6.5 Medium2026-06-24
CVE-2026-56257 Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update — CapgoCWE-284 7.1 High2026-06-24
CVE-2026-56256 Capgo - Two-Factor Authentication Bypass via Organization Management API — CapgoCWE-602 7.1 High2026-06-24
CVE-2026-56244 Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key — CapgoCWE-200 7.1 High2026-06-24
CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation — CapgoCWE-287 9.1 Critical2026-06-24
CVE-2026-56232 Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header — CapgoCWE-863 8.8 High2026-06-24

This page lists every published CVE security advisory associated with Capgo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.