CVE-2026-56302
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Capgo before version 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons.
Risk Assessment
Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs, potentially leading to serious privacy breaches.
Recommendation
It is recommended to upgrade to version 12.128.2 or later and implement appropriate row level security controls for images buckets.
Original NVD description (English source)
Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.

