Skip to main content

Capgo CLI CVE-2026-56236

| EUVDEUVD-2026-38165 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-06-21 VulnCheck GHSA-4ch8-prch-6prf
6.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.1 MEDIUM

Local vector because attacker pre-plants symlinks in a repo; UI:R for mandatory developer CLI invocation; C:L for world-readable credential exposure; I:H for arbitrary file overwrite.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 22, 2026 - 06:34 vuln.today
Analysis Generated
Jun 22, 2026 - 06:34 vuln.today
Patch available
Jun 21, 2026 - 15:31 EUVD

DescriptionCVE.org

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

AnalysisAI

Symlink-following vulnerabilities in Capgo CLI before version 12.128.2 (npm @capgo/cli < 7.84.6) allow an attacker who controls a repository to overwrite arbitrary files on a developer's machine and expose sensitive signing credentials when the developer runs CLI login or build credential operations inside that repository. Three distinct issues are present: unsafe writeFileSync on .capgo and .capgo-credentials.json without symlink validation, and global credential files written with world-readable 664 permissions instead of the required 0600. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Plant symlinks in shared repository
Delivery
Developer clones or pulls repository
Exploit
Developer runs capgo login/build credentials command
Execution
CLI writes through symlink without validation
Impact
Arbitrary developer-owned file overwritten with attacker content

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have pre-placed symbolic links named .capgo or .capgo-credentials.json within a directory where the developer subsequently runs the Capgo CLI. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.8 reflects a local attack vector (AV:L) requiring active user interaction (UI:A), which significantly constrains mass exploitation compared to network-reachable flaws. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes or contributes to a repository containing pre-planted symbolic links: .capgo pointing to a critical developer-owned file such as ~/.ssh/authorized_keys, and .capgo-credentials.json pointing to a shared configuration file. When the developer clones this repository and runs capgo login SOME_KEY --local or capgo build credentials save --local within it, the CLI writes attacker-controlled content directly to the symlink targets - overwriting SSH keys, configuration files, or other sensitive paths. …
Remediation The primary fix is to upgrade @capgo/cli to version 7.84.6 or later via npm (npm install -g @capgo/cli@7.84.6 or equivalent). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56236 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy