CVE-2026-53868
7.5 HIGHCapgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-306
Description
Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50287 — AgenticMail gives AI agents real email addresses and phone numbers
- CVE-2026-53981 — Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)
- CVE-2026-50085 — The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker wit... (8.6 HIGH)
- CVE-2026-50082 — The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker (6.5 MEDIUM)