Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions. | |
| Title | Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment | |
| Weaknesses | CWE-266 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T22:08:24.865Z
Reserved: 2026-06-19T21:53:16.001Z
Link: CVE-2026-56247
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T23:30:04Z