CVE-2026-56302 - Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security
CVE ID :CVE-2026-56302
Published : June 24, 2026, 11:53 a.m. | 1 hour, 48 minutes ago
Description :Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 24, 2026, 11:53 a.m. | 1 hour, 48 minutes ago
Description :Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...