Denial-of-Service Vulnerability in Cap-go Console by Cap-go
CVE-2026-53982

7.1HIGH

Key Information:

Vendor

Cap-go

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-53982?

The Cap-go Console versions prior to 12.28.2 exhibit a vulnerability within the account deletion process, allowing attackers to disrupt authentication and onboarding. When an account deletion is triggered while an active session is linked to a device identifier, it incorrectly associates the deletion state with that device. This flaw leads to the affected device being redirected to a page indicating the account is disabled for a significant duration, approximately 30 days, hindering any further login or registration attempts. Proper security measures are essential to mitigate this issue and ensure continued access for legitimate users.

Affected Version(s)

capgo 0

capgo 0 < 12.28.2

capgo 6685e5f11adef257bf3d085e481f4d8ebcec602e

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Naitik Gupta
.