PT-2026-54036 · Cap Go · Cap-Go
Judel777 · Published 2026-06-30 · Updated 2026-06-30
CVE-2026-56331
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Capgo before 12.128.2 contains improper error handling in the /private/accept invitation endpoint, which returns HTTP 500 instead of a safe 4xx error when the magic invite string is invalid. Attackers can trigger this vulnerability using only the public key: submitting malformed magic invite string values causes server errors and leaks internal processing details.
Fix
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go