CVE-2026-56332

MEDIUM(4.7)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Risk Signal Score17/100 — NIEDRIG

CVSS 4.7 — Mittel

Beschreibung

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.

Referenzen

https://github.com/Cap-go/capgo/security/advisories/GHSA-24q8-ghqq-m8cj
https://www.vulncheck.com/advisories/capgo-open-redirect-via-confirmation-url-pa...