Open Redirect Vulnerability in Capgo by Capgo Inc.
CVE-2026-56332

5.1 MEDIUM

Key Information:

Vendor: Capgo

Status
Vendor
CVE Published: 20 June 2026

What is CVE-2026-56332?

Capgo's confirm-signup endpoint contains an open redirect vulnerability in its confirmation_url parameter. Because the parameter is not properly validated, an attacker can use it to redirect users to malicious external websites, putting them at risk of phishing and credential harvesting attacks. Organizations using versions of Capgo prior to 12.128.2 should take immediate action to update their systems and protect their users.
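The kind of validation a redirect parameter such as confirmation_url needs, as an added example (this is not Capgo's code or its actual fix). The allowlisted origin, the fallback URL, the function name and the sample inputs are constructed placeholders.

```javascript
// Added example: allowlist validation for a redirect target such as
// confirmation_url. ALLOWED_ORIGINS and FALLBACK are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const FALLBACK = "https://app.example.test/login";

// Returns the normalized URL if it is safe to redirect to, otherwise FALLBACK.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Control characters and backslashes are rewritten differently by different
  // URL parsers, so reject them instead of trying to normalize them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  let url;
  try {
    // No base URL is given, so relative and scheme-relative ("//host")
    // values fail to parse and fall through to the fallback.
    url = new URL(raw);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;
  // "https://trusted@other-host/" puts the trusted name in the userinfo part.
  if (url.username || url.password) return FALLBACK;
  // Compare the full origin (scheme + host + port), never a prefix or substring.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;
  return url.href;
}

// Constructed sample values, not taken from any real request.
const SAMPLES = [
  "https://app.example.test/confirm?token=abc",
  "https://other.example.net/confirm",
  "https://app.example.test.other.example.net/",
  "https://app.example.test@other.example.net/",
  "//other.example.net/",
  "https:\\\\other.example.net/",
  "http://app.example.test/confirm",
];

for (const sample of SAMPLES) {
  const target = safeRedirectTarget(sample);
  const verdict = target === FALLBACK ? "rejected" : "allowed";
  console.log(`${verdict}: ${sample}`);
}
```

Only the first sample is allowed; the others fall back to the fixed login URL because they differ in origin, carry userinfo, omit the scheme, contain backslashes or use plain http.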

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muhnabil04