Insufficient Authentication in Email Change for Capgo Software by Capgo
CVE-2026-56308

8.4HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-56308?

Capgo software versions prior to 12.128.2 exhibit a vulnerability allowing unauthorized email address changes during active sessions. Without the need for current password re-authentication or existing email validation, an attacker with access to an authenticated session can exploit this weakness. This can lead to account recovery control and effectively bypass multi-factor authentication measures, posing significant risks to user accounts and sensitive data.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.