Authentication Bypass in Capgo by Capgo
CVE-2026-56305

8.7HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56305?

The Capgo application prior to version 12.128.2 includes a significant authentication bypass vulnerability in its password change endpoint. This flaw enables attackers to alter user passwords without the need for current password validation. With access to a temporary session, malicious actors can exploit this vulnerability to effectively lock out legitimate users and seize complete control of user accounts, posing serious risks to user data and overall application security.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.