Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56232

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38739

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56232 Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.7CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:53 a.m.8 views

CVE-2026-56232

Capgo is affected: before version 12.128.2, the system does not enforce limited_to_orgs and limited_to_apps on subkeys supplied via the x-limited-key-id header in the middlewareKey function. This allows attackers to reference their own subkeys and bypass subkey scope restrictions, causing downstr...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder