← volver
CVE-2026-56332

Capgo - Open Redirect via confirmation_url Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-601
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Productos afectados
Capgo · Capgo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Cap-go/capgo/security/advisories/GHSA-24q8-ghqq-m8cjhttps://www.vulncheck.com/advisories/capgo-open-redirect-via-confirmation-url-parameter