Loading market data...
← Back to CVE feed

CVE-2026-56227

MEDIUM CVSS 5.4 View on NVD ↗

Description

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these addresses with error responses disclosed to users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Published: Jun 20, 2026 16:17 UTC Modified: Jun 20, 2026 16:17 UTC