Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent. | |
| Title | Cap - Missing Access Control in Video AI Metadata Endpoint | |
| First Time appeared |
Capnproto
Capnproto capnproto |
|
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Capnproto
Capnproto capnproto |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-07T22:20:25.363Z
Reserved: 2026-07-06T15:31:46.187Z
Link: CVE-2026-59704
No data.
No data.
No data.
OpenCVE Enrichment
No data.