What is GHSA-55hv-3q63-6xmh?

GHSA-55hv-3q63-6xmh is a security advisory published by GitHub Security Advisories with Medium severity. Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded...

Which CVE IDs does GHSA-55hv-3q63-6xmh cover?

GHSA-55hv-3q63-6xmh covers the following CVE IDs: CVE-2026-56218. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-55hv-3q63-6xmh?

GHSA-55hv-3q63-6xmh has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-55hv-3q63-6xmhMediumCVSS 5.3

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded...

Vendor

GitHub Security Advisories

Published

June 20, 2026

Last Modified

June 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-56218 →

📋 Description

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

🔗 References (4)

https://github.com/Cap-go/capgo/security/advisories/GHSA-c5w9-886p-9j2x
https://nvd.nist.gov/vuln/detail/CVE-2026-56218
https://www.vulncheck.com/advisories/capgo-exif-metadata-exposure-via-image-upload
https://github.com/advisories/GHSA-55hv-3q63-6xmh