Cap-go Capgo
8 CVEs affecting Cap-go Capgo. Latest disclosed: 2026-06-20. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-56073 | Critical | 9.4 | 2026-06-19 | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying serv… |
| CVE-2026-56081 | Critical | 9.1 | 2026-06-19 | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before tha… |
| CVE-2026-56082 | High | 7.5 | 2026-06-19 | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time… |
| CVE-2026-53982 | Medium | 6.5 | 2026-06-12 | Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding… |
| CVE-2026-56235 | Medium | 5.3 | 2026-06-20 | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metri… |
| CVE-2026-56080 | Medium | 4.9 | 2026-06-19 | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to… |
| CVE-2026-56307 | Medium | 4.3 | 2026-06-20 | Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authentic… |
| CVE-2026-53867 | Medium | 4.3 | 2026-06-12 | Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned… |