Loading market data...
← Back to CVE feed

CVE-2026-56236

MEDIUM CVSS 6.1 View on NVD ↗

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Published: Jun 21, 2026 14:16 UTC Modified: Jun 21, 2026 14:16 UTC