What is CVE-2026-56237?

CVE-2026-56237 is a critical-severity vulnerability in Capgo, classified under Improper Authentication. CVSS score: 9.1/10. Published 2026-06-24.

How severe is CVE-2026-56237?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Auth bypass in Capgo

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authen…

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Capgo — versions 0, 12.128.2

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-56237?: CVE-2026-56237 is a critical-severity vulnerability in Capgo, classified under Improper Authentication. CVSS score: 9.1/10. Published 2026-06-24.
How severe is CVE-2026-56237?: Critical severity. CVSS v3 base score is 9.1 out of 10.