CVE-2026-56223

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N                                    

Vulnerability Description

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a malicious IdP can forge SAML assertions containing victim email addresses to trigger account merge and gain full access to victim accounts, organizations, and data.

Vulnerability Details

Published Date

June 24, 2026

Last Modified

June 24, 2026

CWE ID

CWE-287

Source

NVD

Vendor

Capgo

Product

Capgo

External References

https://github.com/Cap-go/capgo/security/advisories/GHSA-jhjh-vp9p-54fg
https://www.vulncheck.com/advisories/capgo-account-takeover-via-cross-domain-sso-email-assertion-in-provision-user
https://github.com/Cap-go/capgo/security/advisories/GHSA-jhjh-vp9p-54fg

CVE-2026-56223

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment