A vulnerability, which was classified as critical , was found in Cap-go capgo up to 12.128.1 . Impacted is an unknown function of the file cloudflare.ts of the component API Request Handler . Executing a manipulation of the argument deviceIds/search/version_name/cursor/actions can lead to sql injection. This vulnerability is registered as CVE-2026-56221 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.