Ghostwire

CVE-2026-53868: Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary...

HIGH CVSS 7.5 1 PoC

Published: June 12, 2026 | Last Modified: June 12, 2026

Description

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

Cap-go/capgo

CVE-2026-53868: Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

Security Coverage (1 articles)

References