CVE-2026-56332
Severity CVSS v4.0:
MEDIUM
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
20/06/2026
Last modified:
22/06/2026
Description
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
4.70
Severity 3.x
MEDIUM



