CVE-2026-56218

MEDIUM(5.3)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Risk Signal Score18/100 — NIEDRIG

CVSS 5.3 — Mittel

Beschreibung

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Referenzen

https://github.com/Cap-go/capgo/security/advisories/GHSA-c5w9-886p-9j2x
https://www.vulncheck.com/advisories/capgo-exif-metadata-exposure-via-image-uplo...