CVE-2026-56255
Status: Received - Intake
Capgo Denial of Service via Unlimited Demo App Creation

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: VulnCheck

Description
Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate approximately 138 database write operations per request, causing degraded performance, increased costs, and potential service instability.
Meta Information
Published: 2026-06-22
Last Modified: 2026-06-22
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: capgo
Product: capgo
Version / Range: to 12.128.2 (exc)
CWE ID: CWE-770
Description: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

This vulnerability exists in Capgo versions before 12.128.2 and involves the POST /app/demo endpoint. Authenticated users who have organization write permissions can exploit this vulnerability by creating unlimited demo applications without any rate limiting or quota enforcement.

Each request to this endpoint can generate approximately 138 database write operations, and attackers can invoke the endpoint repeatedly.

Impact Analysis

The vulnerability can lead to degraded performance of the affected system due to the high volume of database write operations triggered by each request.

It can also increase operational costs through excessive resource usage and may cause service instability.
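
An added example, not Capgo's code or the project's actual fix: one way to bound an endpoint like this under CWE-770, with a per-organization cap on live demo apps plus a sliding-window rate limit, both checked before any write. The names `createDemoGuard` and `replay`, the limit values, the status codes and the in-memory store are assumptions; only the figure of about 138 writes per request comes from the advisory.

```javascript
// Added example: not Capgo's code. Names, limits and status codes are assumptions.
const WRITES_PER_DEMO = 138; // approximate per-request write count from the advisory

function createDemoGuard({ maxDemoApps = 3, maxPerWindow = 2, windowMs = 60_000 } = {}) {
  const orgs = new Map(); // orgId -> { live: number, recent: number[] }

  return {
    // Decide before any database write happens.
    tryCreate(orgId, nowMs) {
      const s = orgs.get(orgId) ?? { live: 0, recent: [] };
      orgs.set(orgId, s);
      // Sliding window: drop timestamps older than windowMs.
      s.recent = s.recent.filter((t) => nowMs - t < windowMs);
      if (s.live >= maxDemoApps) return { allowed: false, status: 403, reason: "quota" };
      if (s.recent.length >= maxPerWindow) return { allowed: false, status: 429, reason: "rate" };
      s.live += 1;
      s.recent.push(nowMs);
      return { allowed: true, status: 201, reason: null };
    },
    // Deleting a demo app frees quota but does not refund rate budget.
    release(orgId) {
      const s = orgs.get(orgId);
      if (s && s.live > 0) s.live -= 1;
    },
  };
}

// Replay a request burst and compare write load with and without the guard.
function replay(requests, guard) {
  let accepted = 0;
  const rejected = { quota: 0, rate: 0 };
  for (const { orgId, atMs } of requests) {
    const r = guard.tryCreate(orgId, atMs);
    if (r.allowed) accepted += 1;
    else rejected[r.reason] += 1;
  }
  return {
    accepted,
    rejected,
    writesUnguarded: requests.length * WRITES_PER_DEMO,
    writesGuarded: accepted * WRITES_PER_DEMO,
  };
}

// Constructed input: one org sends 100 requests, one per second.
const burst = Array.from({ length: 100 }, (_, i) => ({ orgId: "org-a", atMs: i * 1000 }));
```

In a multi-instance deployment the counters would need to live in shared storage and be updated atomically with the create operation, otherwise concurrent requests can race past the check.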
