All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56334
MEDIUMpublished 2026-06-30 23:17 UTC · 4 days ago · modified 2026-07-01 14:16 UTC
5.3
CVSS / 10
// description
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.
// weaknesses (CWE)
- CWE-284