Capgo CLI before 12.128.2 contains arbitrary file...
Moderate severity
Unreviewed
Published
Jun 21, 2026
to the GitHub Advisory Database
•
Updated Jun 21, 2026
Description
Published by the National Vulnerability Database
Jun 21, 2026
Published to the GitHub Advisory Database
Jun 21, 2026
Last updated
Jun 21, 2026
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
References