Improper Error Handling in Capgo Affects User Security
CVE-2026-56331

6.9MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56331?

The Capgo application, prior to version 12.128.2, exhibits a flaw in its error handling processes within the /private/accept_invitation endpoint. When provided with an invalid magic_invite_string, the application incorrectly responds with an HTTP 500 error instead of a safe 4xx format. This misconfiguration can be exploited by attackers leveraging the public key to submit malformed values, potentially triggering server errors that expose sensitive internal processing information.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.