CVE-2026-56245
Summary (MODE C): Supabase Capgo before 12.128.2 contains an authorization bypass in the SECURITY DEFINER record_build_time RPC, allowing unauthenticated attackers to insert arbitrary build-time records. Exploitation path: POST /rest/v1/rpc/record_build_time with a public API key. Impact: cross‑t...