Description
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
Published: 2026-06-30
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization bypass exists in Capgo’s channel creation endpoint that lets an authenticated user with the app.create_channel permission overwrite an existing channel by reusing its name. By doing so, the attacker becomes the owner of the channel and can alter critical production channel configurations. This flaw is an instance of CWE‑285, representing a missing authorization check.

Affected Systems

The vulnerability applies to Capgo releases preceding 12.128.2. No additional specific product variants or build numbers are provided. Users of older versions should verify their installed revision and upgrade if necessary.

Risk and Exploitability

The CVSS score of 7.2 signals a high severity. The EPSS score is not available, so exploitation likelihood is not quantified, yet the flaw requires the attacker to be authenticated and possess channel‑creation rights. Although it is not catalogued in CISA KEV, the potential to take over channel ownership and modify configurations constitutes a significant risk for environments that depend on Capgo for channel management.

Generated by OpenCVE AI on June 30, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Capgo to version 12.128.2 or later to apply the authorization fix.
  • Limit the app.create_channel capability to only trusted accounts and review role assignments regularly.
  • Implement or enforce a server‑side check that rejects channel creation if a channel with the same name already exists to prevent accidental overwrites.

Generated by OpenCVE AI on June 30, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Description Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign channel ownership and modify critical production channel configurations.
Title Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T22:08:25.919Z

Reserved: 2026-06-19T21:53:16.001Z

Link: CVE-2026-56249

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses