CVE Catalog

CVE-2026-56325

Severity: Low (CVSS 3.1)

Exploitation Probability (EPSS)

0.22% (low risk)

12th percentile: higher than 12% of all known CVEs

Summary

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver. This allows underscore characters in app_id to act as SQL wildcards, potentially leading to unintended pattern matches.

Risk Assessment

Attackers can create apps with app_ids differing by one character at underscore positions, which may disrupt preview functionality for legitimate apps or cause app-id confusion.
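The following is an added example, not Capgo's code: it reproduces the bug class described in the summary and risk assessment above with an in-memory SQLite table (SQLite's LIKE is case-insensitive for ASCII, which stands in for PostgreSQL's ILIKE) and shows the exact-match fix beside an escaped-pattern alternative. The table, column names and app ids are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: a legitimate app whose id contains an underscore,
# and a second app whose id differs only at that position.
APPS = [
    ("com.example.my_app", "legit-owner"),
    ("com.example.myXapp", "other-owner"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apps (app_id TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO apps VALUES (?, ?)", APPS)
    return conn


def lookup_vulnerable(conn, app_id):
    # Vulnerable lookup: the app_id is used as a LIKE/ILIKE pattern, so every '_'
    # in it becomes a one-character wildcard and a request for "com.example.my_app"
    # also matches the unrelated "com.example.myXapp".
    rows = conn.execute("SELECT app_id FROM apps WHERE app_id LIKE ?", (app_id,))
    return sorted(r[0] for r in rows)


def lookup_fixed(conn, app_id):
    # Fix: exact equality. The app_id is data, not a pattern, so no wildcard applies.
    rows = conn.execute("SELECT app_id FROM apps WHERE app_id = ?", (app_id,))
    return sorted(r[0] for r in rows)


def lookup_escaped(conn, app_id):
    # Alternative when pattern matching is genuinely required: escape the LIKE
    # metacharacters ('%', '_' and the escape character itself) before use.
    escaped = (app_id.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    rows = conn.execute(
        "SELECT app_id FROM apps WHERE app_id LIKE ? ESCAPE '\\'", (escaped,))
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, "com.example.my_app"))
    print("fixed:     ", lookup_fixed(db, "com.example.my_app"))
    print("escaped:   ", lookup_escaped(db, "com.example.my_app"))
```

The vulnerable query returns both rows for the legitimate id, which is the app-id confusion the advisory describes; both corrected lookups return only the exact match.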

Recommendation

It is recommended to upgrade to version 12.128.2 or later to eliminate the risk associated with improper pattern matching in the preview subdomain resolver.

Original NVD description (English source)

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS