CVE-2026-56228

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2

Description The software fails to enforce a maximum value on the minimum password length field within the password policy configuration. An authenticated organization administrator can set an excessively large numeric value for this field, making it impossible for organization members to comply with the password requirements. Once this policy is enabled, users and administrators are unable to change passwords or access the organization, leading to an organization-wide account lockout and an application-level denial of service (a condition where the application becomes unavailable to its intended users).

Recommendations Update to version 12.128.2 or later.