Improper Error Handling in Capgo Affects User Security
CVE-2026-56331
6.9MEDIUM
What is CVE-2026-56331?
The Capgo application, prior to version 12.128.2, exhibits a flaw in its error handling processes within the /private/accept_invitation endpoint. When provided with an invalid magic_invite_string, the application incorrectly responds with an HTTP 500 error instead of a safe 4xx format. This misconfiguration can be exploited by attackers leveraging the public key to submit malformed values, potentially triggering server errors that expose sensitive internal processing information.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
