CVE-2026-56329

Source
https://cve.org/CVERecord?id=CVE-2026-56329
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56329.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56329
Aliases
  • GHSA-76qq-gg2p-pwwj
Published
2026-07-10T13:57:56.297Z
Modified
2026-07-15T01:48:53.396515934Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L CVSS Calculator
Summary
Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding
Details

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications.

Database specific
{
    "cwe_ids": [
        "CWE-436"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56329.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/cap-go/capgo

Affected ranges

Type
GIT
Repo
https://github.com/cap-go/capgo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.128.2"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ]
}

Affected versions

0.*
0.1.6
0.1.8
0.11.0
0.14.0
0.14.2
0.14.5
0.14.6
0.15.1
0.16.0
0.16.1
0.16.3
0.18.2
0.19.0
0.20.1
0.20.2
0.23.0
0.24.1
0.26.0
0.26.1
0.29.1
0.29.5
0.3.1
0.30.12
0.30.12-alpha.1
0.30.19
0.30.2
0.30.5-alpha.4
0.30.6-alpha.0
0.30.6-alpha.2
0.30.8-alpha.0
0.30.8-alpha.1
0.30.8-alpha.4
0.30.9-alpha.0
0.30.9-alpha.10
0.30.9-alpha.15
0.30.9-alpha.16
0.30.9-alpha.3
0.30.9-alpha.6
0.30.9-alpha.9
0.6.1
1.*
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.1
1.13.11
1.13.12
1.13.13
1.13.3
1.13.4
1.13.5
1.14.4
1.14.6
1.16.0-alpha.0
1.16.1-alpha.0
1.16.3-alpha.0
1.17.0
1.17.0-alpha.0
1.17.0-alpha.1
1.18.0
1.18.1
1.18.10
1.18.16
1.18.2
1.18.24
1.18.26
1.18.28
1.18.33
1.18.36
1.18.4
1.18.5
1.18.8
1.18.9
1.19.3
1.19.4
1.19.5
1.20.0
1.20.1
1.20.2
1.20.3
1.21.0
1.21.10
1.21.11
1.21.19
1.21.23
1.21.25
1.21.6
1.21.7
1.21.8
1.21.9
1.22.1
1.22.2
1.23.0
1.23.1
1.24.0
1.24.1
1.24.10
1.24.16
1.24.17
1.24.18
1.24.2
1.24.3
1.25.14
1.25.2
1.25.6
1.25.7
1.26.1
1.26.2
1.27.0
1.27.1
1.27.2
1.27.3
1.27.6
1.28.3
1.31.1
1.31.3
1.31.4
1.33.3
1.34.0
1.35.0
1.35.1
1.36.12
1.36.15
1.36.22
1.36.24
1.36.25
1.36.4
1.36.41
1.36.49
1.36.7
1.36.8
1.37.15
1.37.22
1.37.31
1.37.5
1.39.0
1.43.1
1.44.1
1.44.11
1.44.12
1.44.15
1.44.16
1.44.19
1.44.21
1.44.26
1.45.0
1.45.1
1.45.2
1.45.3
1.45.4
1.46.0
1.46.4
1.47.0
1.47.1
1.47.3
1.48.0
1.48.1
1.50.0
1.50.1
1.50.2
1.50.3
1.51.0
1.52.1
1.52.2
1.52.3
1.53.0
1.53.1
1.53.2
1.53.3
1.53.4
1.53.5
1.53.6
1.53.7
1.53.8
1.54.0
1.54.1
1.54.2
1.54.3
1.54.4
1.54.5
1.54.6
1.54.9
1.55.0
1.55.12
1.55.2
1.55.23
1.55.3
1.55.31
1.55.35
1.55.37
1.55.38
1.55.39
1.55.4
1.55.42
1.55.43
1.55.44
1.55.5
1.55.6
1.55.9
1.58.1
1.58.15
1.58.16
1.6.11
1.6.7
1.60.4
1.61.12
1.61.14
1.61.15
1.61.17
1.61.2
1.61.21
1.61.23
1.61.27
1.61.33
1.61.34
1.61.35
1.62.0
1.62.1
1.62.4
1.64.1
1.66.4
1.7.10
1.7.15
1.7.24
1.7.27
1.7.28
1.8.1
1.8.3
1.8.6
1.8.7-alpha.0
1.8.7-alpha.1
1.8.7-alpha.2
1.9.0-alpha.0
1.9.1
1.9.10
1.9.6
1.9.7
1.9.9
10.*
10.0.0
capgo-12.*
capgo-12.123.9
capgo-12.124.0
capgo-12.124.1
capgo-12.124.3
capgo-12.124.4
capgo-12.124.5
capgo-12.124.6
capgo-12.124.7
capgo-12.124.9
capgo-12.125.0
capgo-12.126.0
capgo-12.126.1
capgo-12.126.2
capgo-12.127.0
capgo-12.127.1
capgo-12.127.10
capgo-12.127.11
capgo-12.127.12
capgo-12.127.13
capgo-12.127.14
capgo-12.127.15
capgo-12.127.16
capgo-12.127.17
capgo-12.127.18
capgo-12.127.19
capgo-12.127.2
capgo-12.127.20
capgo-12.127.21
capgo-12.127.22
capgo-12.127.23
capgo-12.127.3
capgo-12.127.4
capgo-12.127.5
capgo-12.127.8
capgo-12.127.9
capgo-12.128.0
capgo-12.128.1
cli-7.*
cli-7.94.0
cli-7.94.1
cli-7.94.5
cli-7.94.6
cli-7.94.7
cli-7.94.8
cli-7.94.9
cli-7.95.0
cli-7.95.1
cli-7.95.10
cli-7.95.2
cli-7.95.3
cli-7.95.4
cli-7.95.5
cli-7.95.6
cli-7.95.7
cli-7.95.8
cli-7.95.9
v12.*
v12.100.0
v12.100.1
v12.100.10
v12.100.11
v12.100.12
v12.100.13
v12.100.14
v12.100.15
v12.100.3
v12.100.4
v12.100.5
v12.100.6
v12.100.7
v12.100.8
v12.100.9
v12.101.0
v12.101.1
v12.102.0
v12.102.1
v12.102.2
v12.102.3
v12.102.4
v12.102.6
v12.103.1
v12.104.2
v12.104.3
v12.105.0
v12.105.3
v12.105.4
v12.105.5
v12.105.6
v12.105.8
v12.105.9
v12.106.0
v12.106.1
v12.106.2
v12.107.0
v12.107.1
v12.107.10
v12.107.11
v12.107.19
v12.107.2
v12.107.20
v12.107.21
v12.107.22
v12.107.24
v12.107.26
v12.107.3
v12.107.4
v12.107.5
v12.107.6
v12.107.7
v12.107.8
v12.108.0
v12.108.1
v12.108.10
v12.108.11
v12.108.12
v12.108.13
v12.108.14
v12.108.15
v12.108.16
v12.108.17
v12.108.18
v12.108.19
v12.108.2
v12.108.3
v12.108.4
v12.108.5
v12.108.6
v12.108.7
v12.108.8
v12.108.9
v12.109.0
v12.109.1
v12.109.10
v12.109.11
v12.109.12
v12.109.13
v12.109.14
v12.109.15
v12.109.17
v12.109.2
v12.109.3
v12.109.4
v12.109.5
v12.109.6
v12.109.7
v12.109.8
v12.109.9
v12.110.0
v12.110.2
v12.110.3
v12.110.4
v12.110.5
v12.110.6
v12.111.1
v12.111.2
v12.111.3
v12.112.0
v12.112.1
v12.112.2
v12.112.3
v12.112.4
v12.112.5
v12.112.6
v12.113.0
v12.113.1
v12.113.2
v12.114.0
v12.114.1
v12.114.12
v12.114.2
v12.114.4
v12.114.6
v12.114.7
v12.114.9
v12.115.0
v12.115.2
v12.116.0
v12.116.1
v12.116.10
v12.116.11
v12.116.12
v12.116.13
v12.116.14
v12.116.15
v12.116.16
v12.116.17
v12.116.18
v12.116.19
v12.116.2
v12.116.20
v12.116.21
v12.116.22
v12.116.23
v12.116.24
v12.116.27
v12.116.28
v12.116.29
v12.116.3
v12.116.30
v12.116.33
v12.116.34
v12.116.39
v12.116.4
v12.116.40
v12.116.41
v12.116.45
v12.116.46
v12.116.47
v12.116.48
v12.116.49
v12.116.5
v12.116.50
v12.116.51
v12.116.52
v12.116.53
v12.116.54
v12.116.55
v12.116.56
v12.116.57
v12.116.58
v12.116.59
v12.116.6
v12.116.60
v12.116.61
v12.116.62
v12.116.63
v12.116.64
v12.116.65
v12.116.66
v12.116.67
v12.116.68
v12.116.69
v12.116.7
v12.116.70
v12.116.71
v12.116.72
v12.116.8
v12.116.9
v12.117.1
v12.117.2
v12.117.3
v12.117.4
v12.117.5
v12.117.6
v12.117.8
v12.118.0
v12.118.1
v12.118.2
v12.119.0
v12.119.10
v12.119.12
v12.119.13
v12.119.14
v12.119.15
v12.119.16
v12.119.17
v12.119.18
v12.119.19
v12.119.20
v12.119.21
v12.119.3
v12.119.4
v12.119.5
v12.119.6
v12.119.8
v12.119.9
v12.120.10
v12.120.11
v12.120.12
v12.120.13
v12.120.14
v12.120.15
v12.120.16
v12.120.19
v12.120.20
v12.120.4
v12.120.5
v12.120.6
v12.120.7
v12.120.8
v12.120.9
v12.121.0
v12.121.1
v12.121.10
v12.121.11
v12.121.2
v12.121.4
v12.121.5
v12.121.6
v12.121.7
v12.121.8
v12.121.9
v12.122.0
v12.122.1
v12.122.10
v12.122.11
v12.122.12
v12.122.13
v12.122.14
v12.122.15
v12.122.16
v12.122.2
v12.122.3
v12.122.4
v12.122.5
v12.122.6
v12.122.7
v12.122.8
v12.122.9
v12.123.0
v12.123.1
v12.123.2
v12.123.3
v12.123.4
v12.123.5
v12.123.6
v12.123.7
v12.123.8
v12.55.3
v12.55.4
v12.55.5
v12.55.8
v12.55.9
v12.56.0
v12.56.1
v12.56.10
v12.56.11
v12.56.12
v12.56.13
v12.56.14
v12.56.15
v12.56.16
v12.56.18
v12.56.2
v12.56.24
v12.56.25
v12.56.26
v12.56.4
v12.56.6
v12.56.7
v12.56.8
v12.56.9
v12.73.2
v12.84.5
v12.84.6
v12.85.0
v12.85.1
v12.85.2
v12.85.3
v12.85.4
v12.85.7
v12.85.8
v12.85.9
v12.86.0
v12.86.2
v12.87.1
v12.89.12
v12.89.14
v12.89.15
v12.89.16
v12.89.17
v12.89.5
v12.89.6
v12.89.9
v12.90.0
v12.90.1
v12.90.2
v12.90.3
v12.91.0
v12.91.1
v12.91.10
v12.91.12
v12.91.14
v12.91.15
v12.91.2
v12.91.3
v12.91.4
v12.91.5
v12.91.6
v12.91.7
v12.91.8
v12.91.9
v12.92.0
v12.93.0
v12.93.1
v12.93.2
v12.93.3
v12.93.4
v12.93.5
v12.93.6
v12.94.0
v12.94.1
v12.94.2
v12.94.6
v12.95.0
v12.96.0
v12.96.1
v12.96.2
v12.97.0
v12.97.1
v12.98.1
v12.98.2
v12.98.3
v12.99.0
v12.99.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56329.json"