Account Deletion Vulnerability in Capgo by Capgo
CVE-2026-56286

7HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56286?

An authentication bypass vulnerability in Capgo allows attackers to delete user accounts through the account deletion endpoint without requiring password re-authentication or secondary verification. This issue affects versions prior to 12.128.2, making it possible for malicious users to exploit session hijacking, CSRF attacks, or parameter tampering techniques to gain unauthorized access. The consequences include potential unauthorized account deletion, data loss for users, and denial-of-service scenarios, highlighting the importance of timely updates and security measures.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.