Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations | Advisories

Advisories

Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations

severity: medium
date: 6/21/2026
Affecting: cli >= 0, < 12.128.2
CVE: CVE-2026-56236
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSS: 6.8
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
References: GHSA Advisory GHSA-8mpm-q7mh-8fvh
Credit: Judel777
Description: Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo