Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 12 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and bypass multi-factor authentication protections. | |
| Title | Capgo - Insufficient Authentication in Email Change Endpoint | |
| Weaknesses | CWE-640 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-12T12:06:33.602Z
Reserved: 2026-06-20T12:53:19.893Z
Link: CVE-2026-56308
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-12T22:00:13Z