PatchSiren

Cap CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Cap CVE published 2026-07-07

CVE-2026-59704

CVE-2026-59704 is a high-severity vulnerability in Cap's GET /api/video/ai endpoint. The endpoint fails to validate user ownership or membership before returning private video AI metadata, including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits wit [truncated]