Capgo CLI – Arbitrary File Overwrite via Symlink-Following in Local...

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Basic Information

ID CVE-2026-56236

Source VulnCheck

Published Jun 21, 2026 at 13:26

Affected Product

Vendor capgo

Product cli

Affected Versions capgo cli 0

CWE Classification

CWE-59

References

{
    "lastseen": "",
    "description": "Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.",
    "published": "2026-06-21T13:26:51.450Z",
    "modified": "2026-06-21T13:26:51.450Z",
    "type": "cve",
    "title": "Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations",
    "source": "VulnCheck",
    "references": "https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh\nhttps://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations",
    "id": "CVE-2026-56236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "capgo cli 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cli",
    "version": "0",
    "vendor": "capgo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Capgo CLI – Arbitrary File Overwrite via Symlink-Following in Local Credential Operations_CVE-2026-56236