CVE-2026-56303

Source
https://cve.org/CVERecord?id=CVE-2026-56303
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56303.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56303
Aliases
  • GHSA-2xjq-h43m-592f
Published
2026-07-11T13:00:57.777Z
Modified
2026-07-13T04:00:46.752791512Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function
Details

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid key value.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56303.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/cap-go/capgo

Affected ranges

Type
GIT
Repo
https://github.com/cap-go/capgo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.128.2"
        }
    ]
}

Affected versions

0.*
0.1.6
0.1.8
0.11.0
0.14.0
0.14.2
0.14.5
0.14.6
0.15.1
0.16.0
0.16.1
0.16.3
0.18.2
0.19.0
0.20.1
0.20.2
0.23.0
0.24.1
0.26.0
0.26.1
0.29.1
0.29.5
0.3.1
0.30.12
0.30.12-alpha.1
0.30.19
0.30.2
0.30.5-alpha.4
0.30.6-alpha.0
0.30.6-alpha.2
0.30.8-alpha.0
0.30.8-alpha.1
0.30.8-alpha.4
0.30.9-alpha.0
0.30.9-alpha.10
0.30.9-alpha.15
0.30.9-alpha.16
0.30.9-alpha.3
0.30.9-alpha.6
0.30.9-alpha.9
0.6.1
1.*
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.1
1.13.11
1.13.12
1.13.13
1.13.3
1.13.4
1.13.5
1.14.4
1.14.6
1.16.0-alpha.0
1.16.1-alpha.0
1.16.3-alpha.0
1.17.0
1.17.0-alpha.0
1.17.0-alpha.1
1.18.0
1.18.1
1.18.10
1.18.16
1.18.2
1.18.24
1.18.26
1.18.28
1.18.33
1.18.36
1.18.4
1.18.5
1.18.8
1.18.9
1.19.3
1.19.4
1.19.5
1.20.0
1.20.1
1.20.2
1.20.3
1.21.0
1.21.10
1.21.11
1.21.19
1.21.23
1.21.25
1.21.6
1.21.7
1.21.8
1.21.9
1.22.1
1.22.2
1.23.0
1.23.1
1.24.0
1.24.1
1.24.10
1.24.16
1.24.17
1.24.18
1.24.2
1.24.3
1.25.14
1.25.2
1.25.6
1.25.7
1.26.1
1.26.2
1.27.0
1.27.1
1.27.2
1.27.3
1.27.6
1.28.3
1.31.1
1.31.3
1.31.4
1.33.3
1.34.0
1.35.0
1.35.1
1.36.12
1.36.15
1.36.22
1.36.24
1.36.25
1.36.4
1.36.41
1.36.49
1.36.7
1.36.8
1.37.15
1.37.22
1.37.31
1.37.5
1.39.0
1.43.1
1.44.1
1.44.11
1.44.12
1.44.15
1.44.16
1.44.19
1.44.21
1.44.26
1.45.0
1.45.1
1.45.2
1.45.3
1.45.4
1.46.0
1.46.4
1.47.0
1.47.1
1.47.3
1.48.0
1.48.1
1.50.0
1.50.1
1.50.2
1.50.3
1.51.0
1.52.1
1.52.2
1.52.3
1.53.0
1.53.1
1.53.2
1.53.3
1.53.4
1.53.5
1.53.6
1.53.7
1.53.8
1.54.0
1.54.1
1.54.2
1.54.3
1.54.4
1.54.5
1.54.6
1.54.9
1.55.0
1.55.12
1.55.2
1.55.23
1.55.3
1.55.31
1.55.35
1.55.37
1.55.38
1.55.39
1.55.4
1.55.42
1.55.43
1.55.44
1.55.5
1.55.6
1.55.9
1.58.1
1.58.15
1.58.16
1.6.11
1.6.7
1.60.4
1.61.12
1.61.14
1.61.15
1.61.17
1.61.2
1.61.21
1.61.23
1.61.27
1.61.33
1.61.34
1.61.35
1.62.0
1.62.1
1.62.4
1.64.1
1.66.4
1.7.10
1.7.15
1.7.24
1.7.27
1.7.28
1.8.1
1.8.3
1.8.6
1.8.7-alpha.0
1.8.7-alpha.1
1.8.7-alpha.2
1.9.0-alpha.0
1.9.1
1.9.10
1.9.6
1.9.7
1.9.9
10.*
10.0.0
capgo-12.*
capgo-12.123.9
capgo-12.124.0
capgo-12.124.1
capgo-12.124.3
capgo-12.124.4
capgo-12.124.5
capgo-12.124.6
capgo-12.124.7
capgo-12.124.9
capgo-12.125.0
capgo-12.126.0
capgo-12.126.1
capgo-12.126.2
capgo-12.127.0
capgo-12.127.1
capgo-12.127.10
capgo-12.127.11
capgo-12.127.12
capgo-12.127.13
capgo-12.127.14
capgo-12.127.15
capgo-12.127.16
capgo-12.127.17
capgo-12.127.18
capgo-12.127.19
capgo-12.127.2
capgo-12.127.20
capgo-12.127.21
capgo-12.127.22
capgo-12.127.23
capgo-12.127.3
capgo-12.127.4
capgo-12.127.5
capgo-12.127.8
capgo-12.127.9
capgo-12.128.0
capgo-12.128.1
cli-7.*
cli-7.94.0
cli-7.94.1
cli-7.94.5
cli-7.94.6
cli-7.94.7
cli-7.94.8
cli-7.94.9
cli-7.95.0
cli-7.95.1
cli-7.95.10
cli-7.95.2
cli-7.95.3
cli-7.95.4
cli-7.95.5
cli-7.95.6
cli-7.95.7
cli-7.95.8
cli-7.95.9
v12.*
v12.100.0
v12.100.1
v12.100.10
v12.100.11
v12.100.12
v12.100.13
v12.100.14
v12.100.15
v12.100.3
v12.100.4
v12.100.5
v12.100.6
v12.100.7
v12.100.8
v12.100.9
v12.101.0
v12.101.1
v12.102.0
v12.102.1
v12.102.2
v12.102.3
v12.102.4
v12.102.6
v12.103.1
v12.104.2
v12.104.3
v12.105.0
v12.105.3
v12.105.4
v12.105.5
v12.105.6
v12.105.8
v12.105.9
v12.106.0
v12.106.1
v12.106.2
v12.107.0
v12.107.1
v12.107.10
v12.107.11
v12.107.19
v12.107.2
v12.107.20
v12.107.21
v12.107.22
v12.107.24
v12.107.26
v12.107.3
v12.107.4
v12.107.5
v12.107.6
v12.107.7
v12.107.8
v12.108.0
v12.108.1
v12.108.10
v12.108.11
v12.108.12
v12.108.13
v12.108.14
v12.108.15
v12.108.16
v12.108.17
v12.108.18
v12.108.19
v12.108.2
v12.108.3
v12.108.4
v12.108.5
v12.108.6
v12.108.7
v12.108.8
v12.108.9
v12.109.0
v12.109.1
v12.109.10
v12.109.11
v12.109.12
v12.109.13
v12.109.14
v12.109.15
v12.109.17
v12.109.2
v12.109.3
v12.109.4
v12.109.5
v12.109.6
v12.109.7
v12.109.8
v12.109.9
v12.110.0
v12.110.2
v12.110.3
v12.110.4
v12.110.5
v12.110.6
v12.111.1
v12.111.2
v12.111.3
v12.112.0
v12.112.1
v12.112.2
v12.112.3
v12.112.4
v12.112.5
v12.112.6
v12.113.0
v12.113.1
v12.113.2
v12.114.0
v12.114.1
v12.114.12
v12.114.2
v12.114.4
v12.114.6
v12.114.7
v12.114.9
v12.115.0
v12.115.2
v12.116.0
v12.116.1
v12.116.10
v12.116.11
v12.116.12
v12.116.13
v12.116.14
v12.116.15
v12.116.16
v12.116.17
v12.116.18
v12.116.19
v12.116.2
v12.116.20
v12.116.21
v12.116.22
v12.116.23
v12.116.24
v12.116.27
v12.116.28
v12.116.29
v12.116.3
v12.116.30
v12.116.33
v12.116.34
v12.116.39
v12.116.4
v12.116.40
v12.116.41
v12.116.45
v12.116.46
v12.116.47
v12.116.48
v12.116.49
v12.116.5
v12.116.50
v12.116.51
v12.116.52
v12.116.53
v12.116.54
v12.116.55
v12.116.56
v12.116.57
v12.116.58
v12.116.59
v12.116.6
v12.116.60
v12.116.61
v12.116.62
v12.116.63
v12.116.64
v12.116.65
v12.116.66
v12.116.67
v12.116.68
v12.116.69
v12.116.7
v12.116.70
v12.116.71
v12.116.72
v12.116.8
v12.116.9
v12.117.1
v12.117.2
v12.117.3
v12.117.4
v12.117.5
v12.117.6
v12.117.8
v12.118.0
v12.118.1
v12.118.2
v12.119.0
v12.119.10
v12.119.12
v12.119.13
v12.119.14
v12.119.15
v12.119.16
v12.119.17
v12.119.18
v12.119.19
v12.119.20
v12.119.21
v12.119.3
v12.119.4
v12.119.5
v12.119.6
v12.119.8
v12.119.9
v12.120.10
v12.120.11
v12.120.12
v12.120.13
v12.120.14
v12.120.15
v12.120.16
v12.120.19
v12.120.20
v12.120.4
v12.120.5
v12.120.6
v12.120.7
v12.120.8
v12.120.9
v12.121.0
v12.121.1
v12.121.10
v12.121.11
v12.121.2
v12.121.4
v12.121.5
v12.121.6
v12.121.7
v12.121.8
v12.121.9
v12.122.0
v12.122.1
v12.122.10
v12.122.11
v12.122.12
v12.122.13
v12.122.14
v12.122.15
v12.122.16
v12.122.2
v12.122.3
v12.122.4
v12.122.5
v12.122.6
v12.122.7
v12.122.8
v12.122.9
v12.123.0
v12.123.1
v12.123.2
v12.123.3
v12.123.4
v12.123.5
v12.123.6
v12.123.7
v12.123.8
v12.55.3
v12.55.4
v12.55.5
v12.55.8
v12.55.9
v12.56.0
v12.56.1
v12.56.10
v12.56.11
v12.56.12
v12.56.13
v12.56.14
v12.56.15
v12.56.16
v12.56.18
v12.56.2
v12.56.24
v12.56.25
v12.56.26
v12.56.4
v12.56.6
v12.56.7
v12.56.8
v12.56.9
v12.73.2
v12.84.5
v12.84.6
v12.85.0
v12.85.1
v12.85.2
v12.85.3
v12.85.4
v12.85.7
v12.85.8
v12.85.9
v12.86.0
v12.86.2
v12.87.1
v12.89.12
v12.89.14
v12.89.15
v12.89.16
v12.89.17
v12.89.5
v12.89.6
v12.89.9
v12.90.0
v12.90.1
v12.90.2
v12.90.3
v12.91.0
v12.91.1
v12.91.10
v12.91.12
v12.91.14
v12.91.15
v12.91.2
v12.91.3
v12.91.4
v12.91.5
v12.91.6
v12.91.7
v12.91.8
v12.91.9
v12.92.0
v12.93.0
v12.93.1
v12.93.2
v12.93.3
v12.93.4
v12.93.5
v12.93.6
v12.94.0
v12.94.1
v12.94.2
v12.94.6
v12.95.0
v12.96.0
v12.96.1
v12.96.2
v12.97.0
v12.97.1
v12.98.1
v12.98.2
v12.98.3
v12.99.0
v12.99.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56303.json"