PT-2026-51159 · Cap Go · Cap-Go
Muhnabil04
·
Published
2026-06-20
·
Updated
2026-06-20
·
CVE-2026-56332
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
An open redirect issue exists in the 'confirm-signup' endpoint. The
confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be used to facilitate phishing and credential harvesting attacks.Recommendations
Update to version 12.128.2 or later.
As a temporary workaround, restrict access to the 'confirm-signup' endpoint or avoid using the
confirmation url parameter until the update is applied.Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go