PT-2026-51158 · Cap Go · Cap-Go

Judel777

Published

2026-06-20

Updated

2026-06-20

CVE-2026-56330

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2

Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains, facilitating phishing and credential harvesting.

Recommendations Update to version 12.128.2 or later. Avoid using the callbackUrl, successUrl, and cancelUrl parameters in the 'stripe portal' and 'stripe checkout' endpoints until the update is applied.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2026-56330

Affected Products

Cap-Go

PT-2026-51158 · Cap Go · Cap-Go

CVE-2026-56330

Weakness Enumeration

Related Identifiers

Affected Products

References · 6