CVE-2026-53867
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs.
Risk Assessment
The organization is at risk of unauthorized access to user-uploaded content, potentially leading to privacy breaches and data leaks.
Recommendation
It is recommended to upgrade to version 12.128.2 or later to ensure orphaned image files are deleted and minimize the risk of unauthorized access.
Original NVD description (English source)
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

