CVE-2026-56305

Source
https://cve.org/CVERecord?id=CVE-2026-56305
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56305.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56305
Aliases
  • GHSA-rjr5-qxqj-cx8g
Published
2026-07-10T13:57:54.294Z
Modified
2026-07-15T01:48:57.853319722Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Capgo - Authentication Bypass in Password Change via Missing Current Password Validation
Details

Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-620"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56305.json"
}
References

Affected packages

Git / github.com/cap-go/capgo

Affected ranges

Type
GIT
Repo
https://github.com/cap-go/capgo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.128.2"
        }
    ]
}

Affected versions

0.*
0.1.6
0.1.8
0.11.0
0.14.0
0.14.2
0.14.5
0.14.6
0.15.1
0.16.0
0.16.1
0.16.3
0.18.2
0.19.0
0.20.1
0.20.2
0.23.0
0.24.1
0.26.0
0.26.1
0.29.1
0.29.5
0.3.1
0.30.12
0.30.12-alpha.1
0.30.19
0.30.2
0.30.5-alpha.4
0.30.6-alpha.0
0.30.6-alpha.2
0.30.8-alpha.0
0.30.8-alpha.1
0.30.8-alpha.4
0.30.9-alpha.0
0.30.9-alpha.10
0.30.9-alpha.15
0.30.9-alpha.16
0.30.9-alpha.3
0.30.9-alpha.6
0.30.9-alpha.9
0.6.1
1.*
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.1
1.13.11
1.13.12
1.13.13
1.13.3
1.13.4
1.13.5
1.14.4
1.14.6
1.16.0-alpha.0
1.16.1-alpha.0
1.16.3-alpha.0
1.17.0
1.17.0-alpha.0
1.17.0-alpha.1
1.18.0
1.18.1
1.18.10
1.18.16
1.18.2
1.18.24
1.18.26
1.18.28
1.18.33
1.18.36
1.18.4
1.18.5
1.18.8
1.18.9
1.19.3
1.19.4
1.19.5
1.20.0
1.20.1
1.20.2
1.20.3
1.21.0
1.21.10
1.21.11
1.21.19
1.21.23
1.21.25
1.21.6
1.21.7
1.21.8
1.21.9
1.22.1
1.22.2
1.23.0
1.23.1
1.24.0
1.24.1
1.24.10
1.24.16
1.24.17
1.24.18
1.24.2
1.24.3
1.25.14
1.25.2
1.25.6
1.25.7
1.26.1
1.26.2
1.27.0
1.27.1
1.27.2
1.27.3
1.27.6
1.28.3
1.31.1
1.31.3
1.31.4
1.33.3
1.34.0
1.35.0
1.35.1
1.36.12
1.36.15
1.36.22
1.36.24
1.36.25
1.36.4
1.36.41
1.36.49
1.36.7
1.36.8
1.37.15
1.37.22
1.37.31
1.37.5
1.39.0
1.43.1
1.44.1
1.44.11
1.44.12
1.44.15
1.44.16
1.44.19
1.44.21
1.44.26
1.45.0
1.45.1
1.45.2
1.45.3
1.45.4
1.46.0
1.46.4
1.47.0
1.47.1
1.47.3
1.48.0
1.48.1
1.50.0
1.50.1
1.50.2
1.50.3
1.51.0
1.52.1
1.52.2
1.52.3
1.53.0
1.53.1
1.53.2
1.53.3
1.53.4
1.53.5
1.53.6
1.53.7
1.53.8
1.54.0
1.54.1
1.54.2
1.54.3
1.54.4
1.54.5
1.54.6
1.54.9
1.55.0
1.55.12
1.55.2
1.55.23
1.55.3
1.55.31
1.55.35
1.55.37
1.55.38
1.55.39
1.55.4
1.55.42
1.55.43
1.55.44
1.55.5
1.55.6
1.55.9
1.58.1
1.58.15
1.58.16
1.6.11
1.6.7
1.60.4
1.61.12
1.61.14
1.61.15
1.61.17
1.61.2
1.61.21
1.61.23
1.61.27
1.61.33
1.61.34
1.61.35
1.62.0
1.62.1
1.62.4
1.64.1
1.66.4
1.7.10
1.7.15
1.7.24
1.7.27
1.7.28
1.8.1
1.8.3
1.8.6
1.8.7-alpha.0
1.8.7-alpha.1
1.8.7-alpha.2
1.9.0-alpha.0
1.9.1
1.9.10
1.9.6
1.9.7
1.9.9
10.*
10.0.0
capgo-12.*
capgo-12.123.9
capgo-12.124.0
capgo-12.124.1
capgo-12.124.3
capgo-12.124.4
capgo-12.124.5
capgo-12.124.6
capgo-12.124.7
capgo-12.124.9
capgo-12.125.0
capgo-12.126.0
capgo-12.126.1
capgo-12.126.2
capgo-12.127.0
capgo-12.127.1
capgo-12.127.10
capgo-12.127.11
capgo-12.127.12
capgo-12.127.13
capgo-12.127.14
capgo-12.127.15
capgo-12.127.16
capgo-12.127.17
capgo-12.127.18
capgo-12.127.19
capgo-12.127.2
capgo-12.127.20
capgo-12.127.21
capgo-12.127.22
capgo-12.127.23
capgo-12.127.3
capgo-12.127.4
capgo-12.127.5
capgo-12.127.8
capgo-12.127.9
capgo-12.128.0
capgo-12.128.1
cli-7.*
cli-7.94.0
cli-7.94.1
cli-7.94.5
cli-7.94.6
cli-7.94.7
cli-7.94.8
cli-7.94.9
cli-7.95.0
cli-7.95.1
cli-7.95.10
cli-7.95.2
cli-7.95.3
cli-7.95.4
cli-7.95.5
cli-7.95.6
cli-7.95.7
cli-7.95.8
cli-7.95.9
v12.*
v12.100.0
v12.100.1
v12.100.10
v12.100.11
v12.100.12
v12.100.13
v12.100.14
v12.100.15
v12.100.3
v12.100.4
v12.100.5
v12.100.6
v12.100.7
v12.100.8
v12.100.9
v12.101.0
v12.101.1
v12.102.0
v12.102.1
v12.102.2
v12.102.3
v12.102.4
v12.102.6
v12.103.1
v12.104.2
v12.104.3
v12.105.0
v12.105.3
v12.105.4
v12.105.5
v12.105.6
v12.105.8
v12.105.9
v12.106.0
v12.106.1
v12.106.2
v12.107.0
v12.107.1
v12.107.10
v12.107.11
v12.107.19
v12.107.2
v12.107.20
v12.107.21
v12.107.22
v12.107.24
v12.107.26
v12.107.3
v12.107.4
v12.107.5
v12.107.6
v12.107.7
v12.107.8
v12.108.0
v12.108.1
v12.108.10
v12.108.11
v12.108.12
v12.108.13
v12.108.14
v12.108.15
v12.108.16
v12.108.17
v12.108.18
v12.108.19
v12.108.2
v12.108.3
v12.108.4
v12.108.5
v12.108.6
v12.108.7
v12.108.8
v12.108.9
v12.109.0
v12.109.1
v12.109.10
v12.109.11
v12.109.12
v12.109.13
v12.109.14
v12.109.15
v12.109.17
v12.109.2
v12.109.3
v12.109.4
v12.109.5
v12.109.6
v12.109.7
v12.109.8
v12.109.9
v12.110.0
v12.110.2
v12.110.3
v12.110.4
v12.110.5
v12.110.6
v12.111.1
v12.111.2
v12.111.3
v12.112.0
v12.112.1
v12.112.2
v12.112.3
v12.112.4
v12.112.5
v12.112.6
v12.113.0
v12.113.1
v12.113.2
v12.114.0
v12.114.1
v12.114.12
v12.114.2
v12.114.4
v12.114.6
v12.114.7
v12.114.9
v12.115.0
v12.115.2
v12.116.0
v12.116.1
v12.116.10
v12.116.11
v12.116.12
v12.116.13
v12.116.14
v12.116.15
v12.116.16
v12.116.17
v12.116.18
v12.116.19
v12.116.2
v12.116.20
v12.116.21
v12.116.22
v12.116.23
v12.116.24
v12.116.27
v12.116.28
v12.116.29
v12.116.3
v12.116.30
v12.116.33
v12.116.34
v12.116.39
v12.116.4
v12.116.40
v12.116.41
v12.116.45
v12.116.46
v12.116.47
v12.116.48
v12.116.49
v12.116.5
v12.116.50
v12.116.51
v12.116.52
v12.116.53
v12.116.54
v12.116.55
v12.116.56
v12.116.57
v12.116.58
v12.116.59
v12.116.6
v12.116.60
v12.116.61
v12.116.62
v12.116.63
v12.116.64
v12.116.65
v12.116.66
v12.116.67
v12.116.68
v12.116.69
v12.116.7
v12.116.70
v12.116.71
v12.116.72
v12.116.8
v12.116.9
v12.117.1
v12.117.2
v12.117.3
v12.117.4
v12.117.5
v12.117.6
v12.117.8
v12.118.0
v12.118.1
v12.118.2
v12.119.0
v12.119.10
v12.119.12
v12.119.13
v12.119.14
v12.119.15
v12.119.16
v12.119.17
v12.119.18
v12.119.19
v12.119.20
v12.119.21
v12.119.3
v12.119.4
v12.119.5
v12.119.6
v12.119.8
v12.119.9
v12.120.10
v12.120.11
v12.120.12
v12.120.13
v12.120.14
v12.120.15
v12.120.16
v12.120.19
v12.120.20
v12.120.4
v12.120.5
v12.120.6
v12.120.7
v12.120.8
v12.120.9
v12.121.0
v12.121.1
v12.121.10
v12.121.11
v12.121.2
v12.121.4
v12.121.5
v12.121.6
v12.121.7
v12.121.8
v12.121.9
v12.122.0
v12.122.1
v12.122.10
v12.122.11
v12.122.12
v12.122.13
v12.122.14
v12.122.15
v12.122.16
v12.122.2
v12.122.3
v12.122.4
v12.122.5
v12.122.6
v12.122.7
v12.122.8
v12.122.9
v12.123.0
v12.123.1
v12.123.2
v12.123.3
v12.123.4
v12.123.5
v12.123.6
v12.123.7
v12.123.8
v12.55.3
v12.55.4
v12.55.5
v12.55.8
v12.55.9
v12.56.0
v12.56.1
v12.56.10
v12.56.11
v12.56.12
v12.56.13
v12.56.14
v12.56.15
v12.56.16
v12.56.18
v12.56.2
v12.56.24
v12.56.25
v12.56.26
v12.56.4
v12.56.6
v12.56.7
v12.56.8
v12.56.9
v12.73.2
v12.84.5
v12.84.6
v12.85.0
v12.85.1
v12.85.2
v12.85.3
v12.85.4
v12.85.7
v12.85.8
v12.85.9
v12.86.0
v12.86.2
v12.87.1
v12.89.12
v12.89.14
v12.89.15
v12.89.16
v12.89.17
v12.89.5
v12.89.6
v12.89.9
v12.90.0
v12.90.1
v12.90.2
v12.90.3
v12.91.0
v12.91.1
v12.91.10
v12.91.12
v12.91.14
v12.91.15
v12.91.2
v12.91.3
v12.91.4
v12.91.5
v12.91.6
v12.91.7
v12.91.8
v12.91.9
v12.92.0
v12.93.0
v12.93.1
v12.93.2
v12.93.3
v12.93.4
v12.93.5
v12.93.6
v12.94.0
v12.94.1
v12.94.2
v12.94.6
v12.95.0
v12.96.0
v12.96.1
v12.96.2
v12.97.0
v12.97.1
v12.98.1
v12.98.2
v12.98.3
v12.99.0
v12.99.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56305.json"