CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-56312

mediumCVSS 6.5covered by 1 sourcefirst seen 2026-07-10
Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links.

⚡ Watch CVE-2026-56312

Get an email if CVE-2026-56312 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-56312

CVE.org record

Embed the live status

CVE-2026-56312 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-56312 status](https://www.csirts.com/badge/CVE-2026-56312)](https://www.csirts.com/cve/CVE-2026-56312)