CVE Catalog

CVE-2026-56338

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures.

Risk Assessment

Authenticated users cannot complete 2FA enrollment, blocking access to security controls and exposing the organization to unauthorized access risks.

Recommendation

It is recommended to upgrade to version 12.128.2 or later to mitigate this vulnerability and ensure proper functioning of the two-factor verification process.

Original NVD description (English source)

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors with captcha verification process failed messages, blocking access to security controls.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS