Insufficient Authentication in Email Change for Capgo Software by Capgo
CVE-2026-56308
8.4HIGH
What is CVE-2026-56308?
Capgo software versions prior to 12.128.2 exhibit a vulnerability allowing unauthorized email address changes during active sessions. Without the need for current password re-authentication or existing email validation, an attacker with access to an authenticated session can exploit this weakness. This can lead to account recovery control and effectively bypass multi-factor authentication measures, posing significant risks to user accounts and sensitive data.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
