Tag
high
advisory
Capgo Email Change Vulnerability Bypasses Authentication (CVE-2026-56308)
2 TTPs 1 CVE 2 IOCsA vulnerability (CVE-2026-56308) in Capgo before version 12.128.2 allows an attacker with an authenticated session to change a user's email address without re-authentication or verification of the existing email, leading to account takeover through recovery mechanisms and multi-factor authentication bypass.
Capgo
vulnerability
authentication-bypass
account-takeover
web-application
2t
1c
2i
high
advisory
Capgo Privilege Escalation via Retained Super_Admin Privileges (CVE-2026-56241)
1 TTP 1 CVEA privilege escalation vulnerability, CVE-2026-56241, in Capgo versions prior to 12.128.2 allows demoted super_admin users to retain access to critical RPCs, enabling them to indefinitely enumerate and bulk delete non-compliant bundles across an organization.
Capgo
privilege-escalation
vulnerability
cloud
1t
1c