CVE-2026-56332

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N                                    

Vulnerability Description

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.

Vulnerability Details

Published Date

June 20, 2026

Last Modified

June 20, 2026

CWE ID

CWE-601

Source

NVD

Vendor

Capgo

Product

Capgo

External References

https://github.com/Cap-go/capgo/security/advisories/GHSA-24q8-ghqq-m8cj
https://www.vulncheck.com/advisories/capgo-open-redirect-via-confirmation-url-parameter

CVE-2026-56332

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment