CVE-2026-53982
Status: Received - Intake
Denial-of-Service in Capgo Console via Account Deletion

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: VulnCheck

Description
Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to be redirected to an account-disabled page for approximately 30 days, preventing any account login or registration from that device.
Meta Information
Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: capgo
Product: capgo_console
Version / Range: up to 12.28.2 (excluding)
CWE
CWE-645: The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-53982 is a denial-of-service vulnerability in Capgo Console versions prior to 12.28.2 that occurs during the account deletion process.

When an attacker triggers account deletion while a device identifier is linked to an active session, the platform incorrectly associates the deletion state with that device identifier.

This causes the affected device or browser environment to be redirected to an account-disabled page for about 30 days, blocking any login or registration attempts from that device.

Impact Analysis

This vulnerability can cause a denial-of-service condition by preventing legitimate users from authenticating or onboarding using the affected device or browser.

Users of the affected device will be redirected to an account-disabled page for approximately 30 days, effectively blocking access to their accounts or the ability to register new accounts from that device.

This leads to poor recovery experiences and potential disruption of normal platform usage.

Detection Guidance

This vulnerability can be detected by monitoring for devices or browser environments that are redirected to the /accountDisabled page and are unable to log in or register for approximately 30 days after an account deletion event.

Audit checks, monitoring, and logging of account deletion events and device identifier associations are recommended to detect abnormal or abusive behavior related to this vulnerability.

Specific commands are not provided in the available resources, but network or application logs should be examined for repeated redirects to the account-disabled page and failed authentication attempts from the same device identifier following account deletions.

Mitigation Strategies

Immediate mitigation steps include updating Capgo Console to version 12.28.2 or later, where this vulnerability has been addressed.

Additional recommended measures are to decouple device identity from account deletion, maintain device neutrality after account removal, invalidate only session tokens, regenerate device identifiers on new authentication, and implement clear device ban logic with recovery mechanisms.

Implementing audit checks, monitoring, and logging can also help prevent abuse and detect exploitation attempts.
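As an added illustration, not code from Capgo or from this record, the following TypeScript toy contrasts the two designs the mitigation list describes: deletion state keyed by the session's device identifier (the flaw) versus keyed by the account, with only that account's sessions revoked and the device identifier regenerated on the next login. Apart from /accountDisabled, which this record mentions, every class, field, route and timestamp is an assumption.

```typescript
// Added illustration, not Capgo's source: a toy session store run in the flawed
// shape CVE-2026-53982 describes (deletion state keyed by the session's device
// id) and in the corrected shape (keyed by account, only that account's
// sessions revoked, device id regenerated on login). All names are assumptions.
const DISABLED_WINDOW_MS = 30 * 24 * 60 * 60 * 1000; // ~30 days, per the advisory
interface Session { token: string; accountId: string; deviceId: string; }
interface LoginResult { page: string; token?: string; deviceId: string; }
let counter = 0;
const fresh = (prefix: string): string => `${prefix}-${++counter}`;
class ConsoleModel {
  private sessions = new Map<string, Session>();
  private disabled = new Map<string, number>(); // key -> expiry timestamp
  private fixed: boolean;
  constructor(fixed: boolean) { this.fixed = fixed; }
  // The whole difference: which identifier the "disabled" state is stored under.
  private key(s: { accountId: string; deviceId: string }): string {
    return this.fixed ? s.accountId : s.deviceId;
  }
  login(accountId: string, deviceId: string, now: number): LoginResult {
    const until = this.disabled.get(this.key({ accountId, deviceId }));
    if (until !== undefined && now < until) return { page: "/accountDisabled", deviceId };
    const s: Session = { token: fresh("tok"), accountId,
      deviceId: this.fixed ? fresh("dev") : deviceId }; // fixed: new device id per login
    this.sessions.set(s.token, s);
    return { page: "/dashboard", token: s.token, deviceId: s.deviceId };
  }
  deleteAccount(token: string, now: number): void {
    const s = this.sessions.get(token);
    if (!s) return;
    // Flawed: locks s.deviceId for ~30 days. Fixed: flags s.accountId instead.
    this.disabled.set(this.key(s), now + DISABLED_WINDOW_MS);
    // Revoke only this account's sessions, not everything tied to the device.
    this.sessions.forEach((o, t) => { if (o.accountId === s.accountId) this.sessions.delete(t); });
  }
}
const flawedConsole = (): ConsoleModel => new ConsoleModel(false);
const fixedConsole = (): ConsoleModel => new ConsoleModel(true);

// Scenario: alice deletes her account on D1; bob then logs in from D1, alice retries from D2.
function runScenario(model: ConsoleModel) {
  const t0 = 1_700_000_000_000; // constructed timestamp
  const alice = model.login("alice", "D1", t0);
  model.deleteAccount(alice.token!, t0);
  return {
    bobOnSameDevice: model.login("bob", "D1", t0 + 1).page,
    aliceInWindow: model.login("alice", "D2", t0 + 1).page,
    aliceAfterWindow: model.login("alice", "D2", t0 + DISABLED_WINDOW_MS + 1).page,
  };
}
```

In the flawed configuration bob is sent to /accountDisabled from alice's device while alice herself can still log in elsewhere; in the corrected one the device stays neutral and only alice's account is blocked until the window expires.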
