CVE-2026-56251

MEDIUM 6.5

Capgo - Privilege Escalation via Broken Row Level Security in org_users

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.

CWE	CWE-266
Vendor	capgo
Product	capgo
Published	Jun 21, 2026

Stay Ahead of the Next One

Get instant alerts for capgo capgo

Be the first to know when new medium vulnerabilities affecting capgo capgo are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

Capgo / Capgo

0 < 12.128.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Cap-go/capgo/security/advisories/GHSA-9xqh-f26v-9c9h vulncheck.com: https://www.vulncheck.com/advisories/capgo-privilege-escalation-via-broken-row-level-security-in-org-users