CVE-2026-56240
Capgo vulnerable before version 12.128.12. The billing authorization bypass results from a flaw in the plan_valid calculation, allowing organizations with exhausted or expired usage credits to bypass billing gates and keep access to /updates, /stats, /channel_self, and attachment upload endpoints...