SecuriTricks - CVE-2026-56236

Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Product(s) Impacted

Vendor	Product	Versions
Capgo	Cli	<12.128.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	capgo	cli	<12.128.2	/	/	/	/	/	/	/

References

https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh

https://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations

CVSS Score

6.8 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: ACTIVE
Scope:
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: June 21, 2026, 2:16 p.m.
Last Modified: June 21, 2026, 2:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-56236