CVE-2026-56286
HIGH
NVD
CVSS Score
8.1
Severity
HIGH
Published
Jun 30, 2026
Vendor
unknown
Description
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in unauthorized account deletion, data loss, and denial-of-service.