CVE-2026-53867
CVE-2026-53867
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval o…
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-53867?
- CVE-2026-53867 is a medium-severity vulnerability, classified under Incomplete Cleanup. CVSS score: 4.3/10. Published 2026-06-12.
- How severe is CVE-2026-53867?
- Medium severity. CVSS v3 base score is 4.3 out of 10.