Skip to main content

Console Capgo App

1 CVEs product

Monthly

CVE-2026-53982 HIGH PATCH This Week

Denial of service in Capgo Console versions prior to 12.28.2 allows an authenticated attacker to lock legitimate users out of authentication and onboarding flows by triggering account deletion while a device identifier is bound to the active session. The platform incorrectly persists the deletion state against the device identifier rather than the account, causing the affected browser or device to be redirected to an account-disabled page for roughly 30 days. No public exploit identified at time of analysis, but a vendor patch and GHSA advisory (GHSA-qmrm-qgwr-55jf) have been published following disclosure by VulnCheck.

Authentication Bypass Console Capgo App
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Capgo Console versions prior to 12.28.2 allows an authenticated attacker to lock legitimate users out of authentication and onboarding flows by triggering account deletion while a device identifier is bound to the active session. The platform incorrectly persists the deletion state against the device identifier rather than the account, causing the affected browser or device to be redirected to an account-disabled page for roughly 30 days. No public exploit identified at time of analysis, but a vendor patch and GHSA advisory (GHSA-qmrm-qgwr-55jf) have been published following disclosure by VulnCheck.

Authentication Bypass Console Capgo App
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy