GHSA-wx33-g984-7g82MediumCVSS 4.3

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table,...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.

🔗 References (4)