Description
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions.
Published: 2026-06-30
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Capgo versions prior to 12.128.2 allow organization administrators to assign organization-scoped RBAC roles at application scope without checking that the role's scope is compatible with the binding's scope. The flaw also permits assigning such roles to pending invitees. This bypass enables an attacker with access to the org admin interface to seed high-privilege bindings that persist after invite acceptance, thereby granting unauthorized privileged actions at the app level. The weakness is classified as CWE-266, Incorrect Privilege Assignment.
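To make the missing check concrete, here is an added illustration (not Capgo's code; the role model, names and invite flow are assumptions) of the unchecked assignment beside a hardened version, plus re-validation at invite acceptance so that bindings pre-seeded before a fix do not become active:

```typescript
// Added illustration of the missing scope check (assumed model, not Capgo's code).
type Scope = "org" | "app";
interface Role { name: string; scope: Scope }
interface Binding {
  principal: string;   // user id or invitee e-mail (assumed)
  role: Role;
  scope: Scope;        // scope the binding is being created at
  targetId: string;    // org id or app id
  pending: boolean;    // true until the invitee accepts
}

// Hypothetical role catalogue: each role declares the scope it is valid at.
export const ORG_ADMIN: Role = { name: "org_admin", scope: "org" };
export const APP_READER: Role = { name: "app_reader", scope: "app" };

// Vulnerable pattern: the requested binding scope is stored as-is, so an
// org-scoped role can be bound at app scope, even for a pending invitee.
export function assignRoleUnchecked(bindings: Binding[], b: Binding): Binding[] {
  return [...bindings, b];
}

// Hardened: refuse any binding whose scope differs from the role's declared scope.
export function assignRole(bindings: Binding[], b: Binding): Binding[] {
  if (b.role.scope !== b.scope) {
    throw new Error(`${b.role.name} is ${b.role.scope}-scoped; cannot bind at ${b.scope} scope`);
  }
  return [...bindings, b];
}

// Hardened acceptance: bindings seeded before the fix must not become active
// just because the invite is accepted; mismatched ones are dropped, not activated.
export function acceptInvite(bindings: Binding[], principal: string): { active: Binding[]; dropped: Binding[] } {
  const active: Binding[] = [];
  const dropped: Binding[] = [];
  for (const b of bindings) {
    if (b.principal !== principal) { active.push(b); continue; }
    if (b.role.scope !== b.scope) dropped.push(b);
    else active.push({ ...b, pending: false });
  }
  return { active, dropped };
}

// Constructed sample: an org_admin role pre-seeded at app scope for an invitee.
export const SEEDED: Binding[] = assignRoleUnchecked([], {
  principal: "invitee@example.com", role: ORG_ADMIN,
  scope: "app", targetId: "app-123", pending: true,
});
```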

Affected Systems

Vendor Capgo, product Capgo. All installations running any version earlier than 12.128.2 are affected. The problem is limited to the org admin side of the application and does not depend on a specific OS or hardware platform.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. No EPSS score is currently available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is through use of the Capgo management API or web interface by an org admin or an attacker who gains such privileges. Because the flaw can be exercised remotely via authenticated requests, the exploitation conditions are relatively straightforward for any compromised or malicious org admin account. Given the high magnitude of potential privilege escalation, the risk to affected deployments is significant.

Generated by OpenCVE AI on June 30, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Capgo to version 12.128.2 or later to resolve the role‑assignment validation flaw.
  • Limit the creation of org‑scoped RBAC roles to trusted administrators and verify that role scopes match the intended application scope before approval.
  • Revoke all pending invitations and re‑issue them with the correct role scopes after applying the patch to remove any pre‑seeded high‑privilege bindings.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions.
Title | | Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment
Weaknesses | | CWE-266
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T22:08:24.865Z

Reserved: 2026-06-19T21:53:16.001Z

Link: CVE-2026-56247

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses
  • CWE-266: Incorrect Privilege Assignment