Improper Validation Vulnerability in Capgo by Capgo
CVE-2026-56312

6.9MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56312?

Capgo versions before 12.128.2 are affected by an improper validation vulnerability within the accept_invitation endpoint, which allows attackers to create user accounts without proper captcha validation. By sending POST requests with invalid captcha tokens, malicious actors can circumvent captcha protection, leading to the unauthorized creation of accounts and the potential exploitation of invite links.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.