Authentication Bypass in Capgo by Capgo
CVE-2026-56305
8.7HIGH
What is CVE-2026-56305?
The Capgo application prior to version 12.128.2 includes a significant authentication bypass vulnerability in its password change endpoint. This flaw enables attackers to alter user passwords without the need for current password validation. With access to a temporary session, malicious actors can exploit this vulnerability to effectively lock out legitimate users and seize complete control of user accounts, posing serious risks to user data and overall application security.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
