CVE Catalog

CVE-2026-53982

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

Cap-go Console versions below 12.28.2 contain a denial-of-service vulnerability in the account deletion flow that allows an attacker to block authentication and onboarding functions. The issue arises from incorrectly associating the deletion state with the device identifier, leading to redirection to an account-disabled page for approximately 30 days.

Risk Assessment

The organization may experience account access disruptions for users, affecting registration and login processes. An attacker could exploit this vulnerability to disrupt user activities and prevent them from using the platform.

Recommendation

It is recommended to update Cap-go Console to version 12.28.2 or newer to mitigate this vulnerability. Additionally, monitoring logs and user activity is advisable to detect potential attack attempts.

Original NVD description (English source)

Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to be redirected to an account-disabled page for approximately 30 days, preventing any account login or registration from that device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS