CVE-2026-56251
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access.
Risk Assessment
The organization is at risk of unauthorized access to critical system functions, potentially leading to serious security breaches.
Recommendation
It is recommended to update Capgo to version 12.128.2 or later to fix this security vulnerability.
Original NVD description (English source)
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.

