CVE-2026-56282
Information Disclosure in Capgo via Unauthenticated Replication Endpoint

Publication date: 2026-06-20

Last updated on: 2026-06-20

Assigner: VulnCheck

Description
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes.
Affected Vendors & Products
Vendor: capgo
Product: capgo
Version / Range: up to 12.128.2 (exclusive)
Weakness (CWE)
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

CVE-2026-56282 is an information disclosure vulnerability in Capgo versions before 12.128.2. It exists in the unauthenticated /replication endpoint, which allows attackers to access sensitive PostgreSQL replication telemetry without needing to authenticate.

The exposed information includes replication slot names, WAL LSN positions such as confirmed_flush_lsn and restart_lsn, and database error messages. This data reveals internal infrastructure details and can be used by attackers for reconnaissance.

Impact Analysis

This vulnerability can impact you by exposing sensitive internal details about your PostgreSQL replication setup to unauthorized attackers.

  • Attackers can gather replication slot names and WAL LSN positions, which provide insight into your database replication state.
  • Exposed database error messages can reveal additional sensitive information about your infrastructure.
  • The information can be used for reconnaissance to plan further attacks or exploit other vulnerabilities.
  • Overall, it increases the risk of targeted attacks by leaking operational and infrastructure details.

Detection Guidance

This vulnerability can be detected by checking if the unauthenticated /replication endpoint is accessible and exposing sensitive PostgreSQL replication telemetry data.

You can use commands like curl or wget to query the /replication endpoint on your Capgo instance and check whether sensitive information such as replication slot names, WAL LSN positions (confirmed_flush_lsn, restart_lsn), or database error messages is returned without authentication.

  • curl -v http://<capgo-server>/replication
  • wget -qO- http://<capgo-server>/replication

If these commands return detailed replication telemetry or error messages without requiring authentication, the vulnerability is present.
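
The check above as a repeatable script, added here as an example (it is not Capgo code). The field names are the ones this advisory lists; the response layout is not documented on this page, so the body is searched as plain text, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Capgo code. Field names are the ones the advisory lists;
# the response layout is unknown, so the body is searched as plain text.

# classify_replication_response STATUS BODY
# Prints one of: exposed, suspect, protected, inconclusive
classify_replication_response() {
    status=$1
    body=$2
    # PostgreSQL prints an LSN as two hex numbers joined by a slash (0/16B3748).
    lsn_re='(^|[^0-9A-Fa-f/])[0-9A-Fa-f]{1,8}/[0-9A-Fa-f]{1,8}([^0-9A-Fa-f/]|$)'
    # Inspect the body first: a leak is a leak whatever the status code says.
    if printf '%s' "$body" | grep -Eq 'confirmed_flush_lsn|restart_lsn'; then
        echo exposed
    elif printf '%s' "$body" | grep -Eq "$lsn_re"; then
        echo suspect        # LSN-shaped value without the field names: review by hand
    else
        case "$status" in
            401|403) echo protected ;;
            *)       echo inconclusive ;;
        esac
    fi
}

# check_capgo_replication BASE_URL
# Fetches BASE_URL/replication with no credentials and classifies the reply.
check_capgo_replication() {
    tmp=$(mktemp) || return 2
    status=$(curl -sS --max-time 10 -o "$tmp" -w '%{http_code}' "$1/replication") || status=000
    classify_replication_response "$status" "$(cat "$tmp")"
    rm -f "$tmp"
}
```

Call check_capgo_replication with the base URL of an instance you operate; a result of exposed or suspect means replication telemetry is being served to unauthenticated clients.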

Mitigation Strategies

Immediate mitigation steps include restricting access to the /replication endpoint to authenticated admin-only users or limiting access via IP allowlists.

Additionally, remove sensitive data from the endpoint responses and sanitize error messages to avoid leaking database error details.

  • Implement authentication middleware to protect the /replication endpoint.
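  • Configure CORS policies to be more restrictive. CORS only limits cross-origin reads made from a browser and does not stop direct requests such as the curl check above, so it complements authentication rather than replacing it.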
  • Update Capgo to version 12.128.2 or later where this vulnerability is fixed.

Compliance Impact

The vulnerability exposes sensitive internal PostgreSQL replication telemetry and error messages without authentication, which constitutes an exposure of sensitive information to unauthorized actors.

Such unauthorized disclosure of internal infrastructure details could potentially impact compliance with standards and regulations that require protection of sensitive data and infrastructure information, such as GDPR and HIPAA.

However, the provided information does not specify any direct impact on personal data or protected health information, nor does it explicitly link the vulnerability to compliance violations.

Mitigations like restricting access to authenticated users or IP allowlists and sanitizing error messages are recommended to reduce the risk of information disclosure and help maintain compliance.
