Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/24 11:53 a.m.33 views

CVE-2026-56257 Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56257

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.10 views

EUVD-2026-38744

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56257 Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS6AI score0.00182EPSS
Exploits0References4
Rows per page
Query Builder