CVE-2026-59704
Gravedad CVSS v4.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
07/07/2026
Última modificación:
07/07/2026
Descripción
*** Pendiente de traducción *** Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.
Impacto
Puntuación base 4.0
7.10
Gravedad 4.0
ALTA
Puntuación base 3.x
7.10
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://github.com/CapSoftware/Cap
- https://github.com/CapSoftware/Cap/commit/8d48642b6e7938af238386383ef1c273be4110dd
- https://github.com/CapSoftware/Cap/issues/1981
- https://github.com/CapSoftware/Cap/pull/1926
- https://www.vulncheck.com/advisories/cap-missing-access-control-in-video-ai-metadata-endpoint



