PT-2026-51042 · Cap Go · Cap-Go

Published 2026-06-20 · Updated 2026-06-20 · CVE-2026-56212

CVSS v3.1: 3.8 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Capgo versions prior to 12.128.2

Description

An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication (2FA) for all team members without having 2FA enabled on their own account. The application does not verify the 2FA status of the initiator before permitting the policy change, which can lead to inconsistent security enforcement, administrative misuse, and the risk of locking out team members.

Recommendations

Update to version 12.128.2.
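
The flaw described above, sketched as an added example that is not Capgo's code: a policy handler that checks only the caller's role, next to one that also requires the caller to have 2FA enabled and reports which members are not yet enrolled. All type, function and field names are hypothetical, and the sample organization is constructed.

```typescript
// Added illustration. Every name here is hypothetical, not Capgo's API.
type Member = { id: string; canManageSecurity: boolean; has2fa: boolean };
type Org = { enforce2fa: boolean; members: Member[] };
type Result =
  | { ok: true; notEnrolled: string[] }
  | { ok: false; reason: "forbidden" | "initiator_2fa_required" };

// Members who would be affected by enforcement because they lack 2FA.
function pending(org: Org): string[] {
  return org.members.filter((m) => !m.has2fa).map((m) => m.id);
}

// Flawed pattern from the description: only the role is checked.
function setEnforce2faFlawed(org: Org, actorId: string): Result {
  const actor = org.members.find((m) => m.id === actorId);
  if (!actor || !actor.canManageSecurity) return { ok: false, reason: "forbidden" };
  org.enforce2fa = true; // the initiator's own 2FA status is never consulted
  return { ok: true, notEnrolled: pending(org) };
}

// Hardened pattern: the initiator must already satisfy the policy.
// has2fa is assumed to come from server-side account state, never from
// a value supplied in the request.
function setEnforce2fa(org: Org, actorId: string): Result {
  const actor = org.members.find((m) => m.id === actorId);
  if (!actor || !actor.canManageSecurity) return { ok: false, reason: "forbidden" };
  if (!actor.has2fa) return { ok: false, reason: "initiator_2fa_required" };
  org.enforce2fa = true;
  // Returned so the caller can warn members before they are locked out.
  return { ok: true, notEnrolled: pending(org) };
}

// Constructed sample organization.
function sampleOrg(): Org {
  return {
    enforce2fa: false,
    members: [
      { id: "admin-2fa", canManageSecurity: true, has2fa: true },
      { id: "admin-no-2fa", canManageSecurity: true, has2fa: false },
      { id: "dev-1", canManageSecurity: false, has2fa: false },
    ],
  };
}
```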

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2026-56212

Affected Products

Cap-Go