Skip to main content

Capgo EUVDEUVD-2026-42254

| CVE-2026-56293 MEDIUM
Improper Authorization (CWE-285)
2026-07-08 disclosure@vulncheck.com GHSA-9ph8-2cv6-679j
5.3
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-accessible with low privileges required since attacker must be authenticated; confidentiality and integrity impact limited to deployment history records with no availability or scope-change effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 15:03 vuln.today
Patch available
Jul 08, 2026 - 15:01 EUVD

DescriptionCVE.org

Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update deploy_history.owner_org when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or cause the destination organization to lose access to transferred application deployment records.

AnalysisAI

Incomplete state management in Capgo's transfer_app() function allows low-privileged authenticated users to retain or cause loss of access to deployment history records across organizations. Specifically, the function fails to update the deploy_history.owner_org field during inter-organization application transfers in all versions before 12.128.2, creating a persistent stale authorization grant. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege Capgo user
Delivery
Initiate cross-organization application transfer via transfer_app()
Exploit
Observe stale deploy_history.owner_org field retained from source org
Execution
Access deployment history records in source org without authorization
Impact
Enumerate CI/CD deployment metadata for lateral movement or competitive intelligence

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Capgo account with at least low-level privileges (PR:L per the CVSS 4.0 vector) in an instance configured with multiple organizations where the transfer_app() function is available and used. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N) characterizes this as a network-accessible, low-complexity flaw requiring low-privilege authentication with limited confidentiality and integrity impact confined to the vulnerable system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated low-privilege user within a multi-organization Capgo instance initiates a cross-organization application transfer. After the transfer completes, because deploy_history.owner_org is not updated, the attacker retains access to deployment history records in the source organization - reading deployment timelines, version metadata, and release configurations - or prevents the destination organization from accessing those records through the now-inconsistent ownership field. …
Remediation Upgrade Capgo to version 12.128.2 or later, which resolves the incomplete deploy_history.owner_org update in transfer_app(). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy