Recent Advisories

Severity ID Title Vendor Product Date Type
Severity: HIGH 7.1
ID: CVE-2026-56328
Title: Capgo – Integrity Issue in Release Routing via Multiple Public Channels_CVE-2026-56328
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests with...

Severity: HIGH 7.1
ID: CVE-2026-56320
Title: Capgo – Org/App Scope Mismatch in Device Creation Endpoint_CVE-2026-56320
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id parameter without validat...

Severity: HIGH 8.7
ID: CVE-2026-56300
Title: Capgo – Unauthenticated API Key Validity and Permission Oracle via RPC Functions_CVE-2026-56300
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for_apikey that expose API key validity ...

Severity: HIGH 7
ID: CVE-2026-56286
Title: Capgo – Account Deletion Without Password Confirmation_CVE-2026-56286
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-aut...

Severity: HIGH 7.2
ID: CVE-2026-56249
Title: Capgo – Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision_CVE-2026-56249
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite ...

Severity: HIGH 8.7
ID: CVE-2026-56247
Title: Capgo – Privilege Escalation via Cross-Scope RBAC Role Assignment_CVE-2026-56247
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pend...

Severity: HIGH 8.7
ID: CVE-2026-56233
Title: Capgo – SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy_CVE-2026-56233
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to...

Severity: HIGH 8.7
ID: CVE-2026-56230
Title: Capgo – Broken Object Level Authorization via x-limited-key-id Header_CVE-2026-56230
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accepts the client-controlled x-limited-ke...

Severity: HIGH 8.7
ID: CVE-2026-56219
Title: Capgo – Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass_CVE-2026-56219
Vendor: Capgo
Product: Capgo
Type: CVE

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attacke...

Severity: HIGH 8.2
ID: CVE-2026-54673
Title: electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`_CVE-2026-54673
Vendor: electron-userland
Product: electron-builder < 26.15.0
Type: CVE

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions)...