CVE-2026-56233 PUBLISHED

Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy

Assigner: VulnCheck
Reserved: 19.06.2026 Published: 30.06.2026 Updated: 01.07.2026

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy. An authenticated user with build permissions can append traversal sequences to the upload path; the proxy splices that path into the upstream URL it forwards to, and the WHATWG URL parser normalizes the dot segments away, so the request escapes the intended upload prefix. Because the proxy forwards the request with its own privileged BUILDER_API_KEY header, the caller can reach internal administrative endpoints with that credential, which turns an upload-restriction bypass into server-side request forgery and privilege escalation. Version 12.128.2 fixes the issue.
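The mechanism described above, as an added illustration that is not Capgo's code: a proxy that concatenates a caller-supplied path into an upstream URL and then parses it with the WHATWG `URL` class, beside a hardened resolver that validates segments before parsing and re-checks the normalized result. The upstream origin, the `/upload/` prefix, the header name and the credential value are all hypothetical stand-ins chosen for the example.

```javascript
// Added illustration, not Capgo's code. It models the flaw class the
// advisory describes: a proxy that splices a caller-supplied upload path
// into an upstream URL and then lets the WHATWG URL parser normalise it.
// Every name below (UPSTREAM, UPLOAD_PREFIX, the header name, the key
// value) is hypothetical.

const UPSTREAM = "http://builder.internal";    // hypothetical internal builder service
const UPLOAD_PREFIX = "/upload/";              // the only path the proxy is meant to reach
const BUILDER_API_KEY = "hypothetical-secret"; // stands in for the privileged credential

// Vulnerable pattern: concatenate, then parse. WHATWG URL parsing collapses
// "..", "%2e%2e" and (for http/https) treats "\" as "/", so the dot segments
// are resolved against /upload/ and the request leaves the intended prefix.
function vulnerableTarget(userPath) {
  return new URL(UPSTREAM + UPLOAD_PREFIX + userPath).href;
}

// Hardened pattern: decode once, validate the segments, re-encode each one,
// then parse and confirm the *normalised* pathname is still under the prefix.
// Returns null for anything that should be refused.
function safeTarget(userPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(userPath);
  } catch {
    return null;                               // malformed percent-encoding
  }
  // Split on both separators the WHATWG parser treats as "/" for http(s).
  const segments = decoded.split(/[\/\\]/);
  if (segments.some((s) => s === "" || s === "." || s === "..")) {
    return null;                               // empty or dot segment
  }
  const rebuilt = segments.map(encodeURIComponent).join("/");
  const url = new URL(UPLOAD_PREFIX + rebuilt, UPSTREAM);
  // Re-check origin and prefix on the parsed result rather than trusting
  // the input validation alone.
  if (url.origin !== UPSTREAM || !url.pathname.startsWith(UPLOAD_PREFIX)) {
    return null;
  }
  return url.href;
}

// The proxy attaches its own credential to whatever URL it computed, which
// is why a traversal here becomes privilege escalation rather than a 404.
function buildUpstreamRequest(userPath, resolve = safeTarget) {
  const url = resolve(userPath);
  if (url === null) return null;
  return { url, headers: { "x-builder-api-key": BUILDER_API_KEY } };
}

// Stand-alone demo: compare what each resolver would forward.
if (typeof require !== "undefined" && require.main === module) {
  const samples = ["build-123/app.zip", "../admin/keys", "%2e%2e/admin/keys", "..\\admin/keys"];
  for (const p of samples) {
    console.log(p, "=> vulnerable:", vulnerableTarget(p), "| safe:", safeTarget(p));
  }
}
```

The check that matters is the last one in `safeTarget`: whatever filtering is done on the raw string, the parsed `pathname` is what the upstream will actually see, so the prefix must be asserted on that value, not on the input.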

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Capgo
Product Capgo
Versions Default: unaffected
  • affected from 0 to 12.128.2 (excl.)
  • Version 12.128.2 is unaffected

Credits

  • hunt-with-4bh1 reporter

References

Problem Types

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')