Loading market data...
← Back to CVE feed

CVE-2026-53867

MEDIUM CVSS 4.3 View on NVD ↗

Description

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Published: Jun 12, 2026 22:16 UTC Modified: Jun 12, 2026 22:16 UTC