Loading market data...
← Back to CVE feed

CVE-2026-56312

MEDIUM CVSS 6.5 View on NVD ↗

Description

Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Published: Jul 10, 2026 15:16 UTC Modified: Jul 10, 2026 17:17 UTC