Ghostwire

CVE-2026-56218: Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing...

MEDIUM CVSS 0.0

Published: June 20, 2026 | Last Modified: June 20, 2026

Description

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.tenable.com/cve/CVE-2026-56218
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-56218