CVE-2026-56302

CVE-2026-56302CVE-2026-56302

Description

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Last modified2026-06-24
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.