All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56286
HIGHpublished 2026-06-30 23:17 UTC · 4 days ago · modified 2026-07-01 16:16 UTC
7.0
CVSS / 10
// description
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in unauthorized account deletion, data loss, and denial-of-service.
// weaknesses (CWE)
- CWE-306