CVE-2026-56249 - CERT CVE
ID CVE-2026-56249
Sažetak Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
Reference
CVSS
Base: 7.6
Impact: 4.7
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW HIGH LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Zadnje važnije ažuriranje 01-07-2026 - 14:16
Objavljeno 30-06-2026 - 23:17