PT-2026-57172 · Cap Go · Cap-Go
Judel777
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-56312
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Capgo before 12.128.2 contains an improper validation vulnerability in the accept invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go