Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the unrestricted parent key instead of the scoped subkey.

AI Analysis

Subkey scope bypass vulnerability in Capgo middlewareKey function via x-limited-key-id header

Basic Information

ID CVE-2026-56232

Source VulnCheck

Published Jun 24, 2026 at 11:53

Modified Jun 24, 2026 at 12:14

Affected Product

Vendor Capgo

Product Capgo

Affected Versions Capgo Capgo 0

CWE Classification

CWE-863

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Capgo

Product Capgo

Version before 12.128.2

References

{
    "lastseen": "",
    "description": "Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the unrestricted parent key instead of the scoped subkey.",
    "published": "2026-06-24T11:53:09.410Z",
    "modified": "2026-06-24T12:14:32.062Z",
    "type": "cve",
    "title": "Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header",
    "source": "VulnCheck",
    "references": "https://github.com/Cap-go/capgo/security/advisories/GHSA-2h89-vcvx-5pvh\nhttps://www.vulncheck.com/advisories/capgo-subkey-scope-bypass-in-middlewarekey-via-x-limited-key-id-header",
    "id": "CVE-2026-56232",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Capgo Capgo 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Capgo",
    "version": "0",
    "vendor": "Capgo",
    "ai_description": "Subkey scope bypass vulnerability in Capgo middlewareKey function via x-limited-key-id header",
    "ai_severity": "High",
    "ai_vendor": "Capgo",
    "ai_product": "Capgo",
    "ai_version": "before 12.128.2",
    "ai_score": 8.7
}

Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232