Description
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
Published: 2026-06-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Capgo CLI before version 12.128.2 is vulnerable to an arbitrary file overwrite flaw in its login and build credential commands. The application follows symbolic links without validation, allowing an attacker who can place a malicious symlink inside a repository to overwrite any file that the CLI has write access to or to expose stored credentials by making them world‑readable. This weakness, identified as CWE‑59, can lead to unauthorized modification of application files or leakage of sensitive data, affecting the integrity and confidentiality of the build environment.

Affected Systems

Products affected are the Capgo CLI tool, any installation running a version earlier than 12.128.2. The vulnerability is triggered by local repository contents, meaning that any user running the CLI commands in a compromised repository is at risk. Users of the CLI on public or shared development repositories should check for unintended symlinks.

Risk and Exploitability

The CVSS score is 6.8, indicating moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local, as an attacker needs to create a symlink within the repository and have a developer execute the CLI’s login or build commands. Because the flaw permits arbitrary file overwrite or credential exposure, the risk to a system is significant if an attacker gains access to write to repository files. Timely patching is advised to mitigate this risk.

Generated by OpenCVE AI on June 21, 2026 at 16:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Capgo CLI to version 12.128.2 or later, where the symlink validation has been corrected.
  • Ensure that credential files created by the CLI are set to restrictive permissions, preventing world‑readable access.
  • Audit code repositories for unexpected symbolic links before executing the CLI’s login or build operations.
  • When an upgrade is not immediately possible, avoid using the login or build credential commands with local repositories and instead manage secrets via dedicated secret management solutions.

Generated by OpenCVE AI on June 21, 2026 at 16:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Capgo
Capgo cli
Vendors & Products Capgo
Capgo cli

Mon, 22 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
Title Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T18:12:12.186Z

Reserved: 2026-06-19T21:50:06.625Z

Link: CVE-2026-56236

cve-icon Vulnrichment

Updated: 2026-06-22T18:11:06.426Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:03:50Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')