Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement | Advisories

Advisories

Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

severity: medium
date: 6/12/2026
Affecting: capgo >= 0, < 12.128.2
CVE: CVE-2026-53867
CWE: CWE-459 Incomplete Cleanup
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References: GHSA Advisory GHSA-8p92-wcp2-c9j4
Credit: Naitik Gupta
Description: Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo