CVE-2026-56236

Sažetak

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Reference

https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh
https://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations

CVSS

Base:	6.1
Impact:	4.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Zadnje važnije ažuriranje

21-06-2026 - 14:16

Objavljeno

21-06-2026 - 14:16