4 matches found
CVE-2026-56216
Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...
CVE-2026-56216
Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...
PT-2026-51046
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A scope escalation issue exists in the 'POST /functions/v1/apikey' endpoint. This allows users with app-limited API keys to generate unrestricted keys by providing empty limits. An attacker possessi...
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys...