CVE-2026-56325 – Capgo – App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup

CVE ID :CVE-2026-56325

Published : June 20, 2026, 3:21 p.m. | 21 minutes ago

Description :Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…