CVE-2026-56330
Status: Received - Intake
Open Redirect in Capgo Before 12.128.2

Publication date: 2026-06-20

Last updated on: 2026-06-20

Assigner: VulnCheck

Description
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and credential harvesting.
Meta Information
Published: 2026-06-20
Last Modified: 2026-06-20
Generated: 2026-06-20
AI Q&A: 2026-06-20
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: capgo
Product: capgo
Version / Range: before 12.128.2 (excluding 12.128.2)
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Executive Summary

CVE-2026-56330 is an open redirect vulnerability found in Capgo versions before 12.128.2. It affects the stripe_portal and stripe_checkout endpoints, which accept unvalidated parameters such as callbackUrl, successUrl, and cancelUrl. Because these URLs are not validated, authenticated attackers can craft malicious billing URLs that redirect users to attacker-controlled domains.

This vulnerability is classified under CWE-601 (URL Redirection to Untrusted Site) and allows attackers to exploit trusted billing flows to redirect victims to malicious sites.

Impact Analysis

The vulnerability can be exploited by authenticated attackers to redirect users to attacker-controlled domains through malicious billing URLs.

  • Phishing attacks targeting users by redirecting them to fake login or payment pages.
  • Credential harvesting by tricking users into entering sensitive information on malicious sites.
  • Potential social engineering attacks leveraging trusted billing contexts.
  • Possible payment fraud or malware delivery through redirected malicious domains.

Detection Guidance

This vulnerability involves unvalidated redirect URLs in the stripe_portal and stripe_checkout endpoints of Capgo versions before 12.128.2. Detection involves identifying requests to these endpoints that include callbackUrl, successUrl, or cancelUrl parameters pointing to untrusted or attacker-controlled domains.

To detect exploitation attempts on your system or network, you can monitor HTTP POST requests to the following endpoints:

  • POST /functions/v1/private/stripe_portal
  • POST /functions/v1/private/stripe_checkout

Look for these requests containing parameters callbackUrl, successUrl, or cancelUrl with values that redirect to external or suspicious domains.

Example commands to detect such requests in logs or via network monitoring tools might include:

  • Using grep on web server logs: grep -E 'stripe_portal|stripe_checkout' /path/to/access.log | grep -E 'callbackUrl=|successUrl=|cancelUrl=' (note that these endpoints take the parameters in the POST body, so this only finds them if the logging layer records request bodies, not just the request line and query string).
  • Using network monitoring tools or IDS to alert on POST requests to these endpoints with external redirect URLs.

Mitigation Strategies

The primary mitigation step is to upgrade Capgo to version 12.128.2 or later, where this open redirect vulnerability has been patched.

Until the upgrade can be applied, consider the following immediate actions:

  • Restrict access to the stripe_portal and stripe_checkout endpoints to only trusted authenticated users with necessary permissions.
  • Implement input validation on the callbackUrl, successUrl, and cancelUrl parameters so that only URLs on an allowlist of trusted hosts (or relative paths resolved against your own origin) are accepted, and fall back to a fixed internal page otherwise.
  • Monitor logs and network traffic for suspicious redirect URL parameters to detect potential exploitation attempts.
  • Educate users about phishing risks related to unexpected redirects from billing URLs.
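An allowlist check of the kind the second bullet describes, added here as an illustration; it is not Capgo's code and does not reproduce the 12.128.2 fix. The allowed hostnames, base URL and fallback path are constructed, and the check goes beyond the page's description by also rejecting scheme-relative, backslash and credential-embedding forms that resolve to a foreign host.

```typescript
import { URL } from "url";

// Added example, not Capgo's own code: allowlist validation for the
// callbackUrl / successUrl / cancelUrl parameters of a billing endpoint (CWE-601).
// ALLOWED_HOSTS, BASE_URL and FALLBACK_PATH are constructed for illustration.
const ALLOWED_HOSTS: ReadonlySet<string> = new Set(["app.example.com", "console.example.com"]);
const BASE_URL = "https://app.example.com";
const FALLBACK_PATH = "/dashboard";

// Resolve a client-supplied redirect target; return it only if it stays on an
// allowlisted host over https, otherwise return null so the caller can fall back.
function validateRedirect(raw: unknown, base: string = BASE_URL): string | null {
  if (typeof raw !== "string" || raw.trim() === "") return null;
  let parsed: URL;
  try {
    // Resolving against the base keeps plain paths ("/billing") legal, while the
    // WHATWG parser turns "//evil.test", "/\evil.test" and "host@evil.test" forms
    // into absolute URLs whose real hostname can then be checked.
    parsed = new URL(raw.trim(), base);
  } catch {
    return null; // unparseable input is never a valid redirect
  }
  if (parsed.protocol !== "https:") return null;                     // blocks javascript:, data:, http:
  if (parsed.username !== "" || parsed.password !== "") return null;  // no embedded credentials
  if (!ALLOWED_HOSTS.has(parsed.hostname)) return null;              // exact host match, no suffix matching
  return parsed.toString();                                          // normalised form, safe to pass on
}

// Validate all three billing parameters at once. Supplied-but-unsafe values are
// replaced by the fallback and reported so the endpoint can log the attempt.
function sanitizeBillingParams(
  params: Record<string, unknown>,
): { urls: Record<string, string>; rejected: string[] } {
  const fallback = new URL(FALLBACK_PATH, BASE_URL).toString();
  const urls: Record<string, string> = {};
  const rejected: string[] = [];
  for (const name of ["callbackUrl", "successUrl", "cancelUrl"]) {
    const value = params[name];
    const safe = value === undefined ? null : validateRedirect(value);
    if (value !== undefined && safe === null) rejected.push(name);
    urls[name] = safe ?? fallback;
  }
  return { urls, rejected };
}

// Constructed request body: one parameter points at a foreign host and is replaced.
const demo = sanitizeBillingParams({
  callbackUrl: "/billing", successUrl: "https://evil.test/ok", cancelUrl: "/cancel",
});
console.log(demo.rejected, demo.urls); // rejected: [ 'successUrl' ]
```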

Compliance Impact

The vulnerability allows authenticated attackers to craft malicious billing URLs that redirect users to attacker-controlled domains, enabling phishing and credential harvesting attacks.

Such phishing and credential harvesting activities can lead to unauthorized access to personal or sensitive information, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding user data and preventing unauthorized disclosure.

However, the provided information does not explicitly state the direct impact on compliance with these standards.
