CVE-2026-56331 - CERT CVE
ID CVE-2026-56331
Sažetak Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers can trigger this vulnerability using only the public key by submitting malformed magic_invite_string values to cause server errors and leak internal processing details.
Reference
CVSS
Base: 5.3
Impact: 1.4
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Zadnje važnije ažuriranje 01-07-2026 - 16:16
Objavljeno 30-06-2026 - 23:17