CVE-2026-56236

CVE-2026-56236CVE-2026-56236

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Last modified2026-06-21
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.