CyberRota
← Ana sayfaya dön

CVE-2026-56225

HIGH · CVSS 8.3 EPSS %0.29 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-23T13:16:44.250 · Çekilme zamanı: 2026-06-30T18:29:59.856865+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-56225
Severity
HIGH
CVSS
8.3
EPSS
%0.29

Orijinal NVD Açıklaması

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are only checked for limited_to_orgs and not for limited_to_apps, so an app-scoped key can enumerate, update, and delete sibling API keys belonging to the same account that are outside its declared app scope, enabling tampering with account-level credentials.