CVE-2026-56332
Published
CVSS v3
4.7
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.
Console, Backend and CLI to manage Capgo Instant update and Native build for Capacitor apps
GitHub