Vulnerability in Capgo
CVE-2026-56305
Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access c…
CVSS v3 metric
CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L.
Affected products
- Capgo — versions 0, 12.128.2
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-56305?
- CVE-2026-56305 is a high-severity vulnerability in Capgo, classified under CWE-620. CVSS score: 8.3/10. Published 2026-07-10.
- How severe is CVE-2026-56305?
- High severity. CVSS v3 base score is 8.3 out of 10.