CVE-2026-56236
MEDIUM
Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations
Title source: cna
Description
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
References (2)
Core References
Vendor Advisory
GHSA Advisory GHSA-8mpm-q7mh-8fvh
https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh
Third Party Advisory
VulnCheck Advisory: Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations
https://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations
Scores
CVSS v3
6.1
EPSS
0.0013
EPSS Percentile
3.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-59
Status
published
Products (2)
capgo/cli
< 12.128.2
capgo/cli
12.128.2
Published
Jun 21, 2026
Tracked Since
Jun 21, 2026