PT-2026-57172 · Cap Go · Cap-Go

Judel777

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-56312

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Capgo before 12.128.2 contains an improper validation vulnerability in the accept invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56312

Affected Products

Cap-Go