CVE-2026-56323 Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self
Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...