Account Deletion Vulnerability in Capgo by Capgo
CVE-2026-56286
7HIGH
What is CVE-2026-56286?
An authentication bypass vulnerability in Capgo allows attackers to delete user accounts through the account deletion endpoint without requiring password re-authentication or secondary verification. This issue affects versions prior to 12.128.2, making it possible for malicious users to exploit session hijacking, CSRF attacks, or parameter tampering techniques to gain unauthorized access. The consequences include potential unauthorized account deletion, data loss for users, and denial-of-service scenarios, highlighting the importance of timely updates and security measures.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
