All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56249
HIGHpublished 2026-06-30 23:17 UTC · 4 days ago · modified 2026-07-01 14:16 UTC
7.2
CVSS / 10
// description
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
// weaknesses (CWE)
- CWE-285