HIGH
Cap
CVE published 2026-07-07
CVE-2026-59704
CVE-2026-59704 is a high-severity vulnerability in Cap's GET /api/video/ai endpoint. The endpoint fails to validate user ownership or membership before returning private video AI metadata, including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits wit [truncated]