CVE-2026-56325 - Capgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup
CVE ID :CVE-2026-56325
Published : June 20, 2026, 3:21 p.m. | 18 minutes ago
Description :Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 20, 2026, 3:21 p.m. | 18 minutes ago
Description :Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...