Back to overview

CVE-2026-56333

MEDIUM
4.3
CVSS 3.1
Description
Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser, circumventing field-level validation checks for max_apikey_expiration_days and other security-sensitive configuration parameters.

Metadata

CVE ID
CVE-2026-56333
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-20 13:13 UTC
Published
2026-06-30 22:08 UTC
Last updated
2026-06-30 22:08 UTC
Primary CWE
CWE-20
Improper Input Validation
Vendor / Product
Capgo / Capgo
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
Capgo Capgo 0 < 12.128.2, 12.128.2
Weakness (CWE)
CWESourceDescription
CWE-20 cna Improper Input Validation
CVSS scores (2)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References (2)
Back to overview