CVE-2026-56236 | Capgo CLI before 12.128.2 contains arbitrary file overwrite … | CVSS 6.1 MEDIUM

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Metadata

CVE ID: CVE-2026-56236
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 21:50 UTC
Published: 2026-06-21 13:26 UTC
Last updated: 2026-06-21 13:26 UTC
Primary CWE: CWE-59
Improper Link Resolution Before File Access ('Link Following…
Vendor / Product: capgo / cli
Sources: cve.org · NVD

Severity & Metrics

6.1 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
capgo	cli	—	0 < 12.128.2, 12.128.2

Weakness (CWE)

CWE	Source	Description
CWE-59	cna	Improper Link Resolution Before File Access ('Link Following')

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
6.1	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

References (2)

GHSA Advisory GHSA-8mpm-q7mh-8fvh https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh
VulnCheck Advisory: Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations https://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations