GHSA-g9f3-8379-v2hfMediumCVSS 4.3

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage...

Published
June 13, 2026
Last Modified
June 13, 2026

🔗 CVE IDs covered (1)

📋 Description

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

🔗 References (4)