Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-56329

MEDIUM NVD
CVSS Score 6.4
Severity MEDIUM
Published Jul 10, 2026
Vendor unknown

Description

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications.

References