Loading market data...
← Back to CVE feed

CVE-2026-59704

HIGH CVSS 7.1 View on NVD ↗

Description

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Published: Jul 07, 2026 23:16 UTC Modified: Jul 08, 2026 14:17 UTC