CVE-2026-56236
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
Console, Backend and CLI to manage Capgo Instant update and Native build for Capacitor apps
GitHub