Account Takeover Vulnerability in Cap-go Email Change Mechanism
CVE-2026-53981
7.2HIGH
What is CVE-2026-53981?
The Cap-go email change mechanism prior to version 12.128.2 contains a security vulnerability that permits an attacker with a temporary authenticated session to change a registered email address without the need for re-authentication measures, such as password or multi-factor authentication (MFA) verification. This flaw allows attackers to redirect email verification links to their own control, enabling them to execute a password reset and seize full control of the victim's account.
Affected Version(s)
Cap-go 0
Cap-go 0 < 12.128.2
Cap-go 6685e5f11adef257bf3d085e481f4d8ebcec602e
