3 matches found
EUVD-2026-38751
Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...
CVE-2026-56337
Capgo before 12.128.2 has an information disclosure in the public.exist_app_v2 RPC function that lets unauthenticated attackers enumerate app_ids via POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. This SECURITY DEFINER function can reveal whether specific app_ids exist in the pub...
EUVD-2026-38125
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...