{"id":79691,"date":"2026-06-13T01:46:56","date_gmt":"2026-06-12T22:16:56","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-53867-capgo-12-128-2-orphaned-file-retention-via-profile-image-replacement\/"},"modified":"2026-06-13T01:46:56","modified_gmt":"2026-06-12T22:16:56","slug":"cve-2026-53867-capgo-12-128-2-orphaned-file-retention-via-profile-image-replacement","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-53867-capgo-12-128-2-orphaned-file-retention-via-profile-image-replacement\/","title":{"rendered":"CVE-2026-53867 – Capgo < 12.128.2 – Orphaned File Retention via Profile Image Replacement"},"content":{"rendered":"

CVE ID :CVE-2026-53867<\/p>\n

Published : June 12, 2026, 10:16 p.m. | 1\u00a0hour, 7\u00a0minutes ago<\/p>\n

Description :Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.<\/p>\n

Severity: 5.3 | MEDIUM<\/p>\n

Visit the link for more details, such as CVSS details, affected products, timeline, and more…\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

CVE ID :CVE-2026-53867 Published : June 12, 2026, 10:16 p.m. | 1\u00a0hour, 7\u00a0minutes ago Description :Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content. Severity: 5.3 | MEDIUM Visit …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-79691","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=79691"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79691\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=79691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=79691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=79691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}