Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2026-56247 Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.19 views

CVE-2026-56247

Capgo prior to version 12.128.2 contains a privilege-escalation flaw where org admins can assign org-scoped RBAC roles at the app scope without validating role-scope compatibility, including assignments to pending invitees . Attackers can pre-seed malformed high-privilege bindings that survive in...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2026-56225

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS0.00292EPSS
Exploits0References2
Rows per page
Query Builder