CVE-2026-56329 - CERT CVE
ID CVE-2026-56329
Sažetak Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications.
Reference
CVSS
Base: 6.4
Impact: 2.7
Exploitability:3.1
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Zadnje važnije ažuriranje 10-07-2026 - 17:17
Objavljeno 10-07-2026 - 15:16