Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications. | |
| Title | Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding | |
| Weaknesses | CWE-436 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-10T15:45:22.401Z
Reserved: 2026-06-20T13:06:29.994Z
Link: CVE-2026-56329
Updated: 2026-07-10T15:44:53.687Z
No data.
No data.
OpenCVE Enrichment
No data.