Unrated severityNVD Advisory· Published Jun 24, 2026· Updated Jun 24, 2026

Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint

CVE-2026-56338

Description

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors with captcha verification process failed messages, blocking access to security controls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cap Go/Capgollm-fuzzy
Range: <12.128.2

Patches

Vulnerability mechanics

References

github.com/Cap-go/capgo/security/advisories/GHSA-m53g-7gcj-x6f7mitrevendor-advisory
www.vulncheck.com/advisories/capgo-denial-of-service-in-2fa-email-verification-via-auth-v1-otp-endpointmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000