Skip to content

CVE-2026-56338

is CVE-2026-56338real, exploitable, or a false positive? Here's the community verdict.

☆ Watch
Medium · CVSS 5.3CWE-703

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors with captcha verification process failed messages, blocking access to security controls.

References

NVD MITRE CVE.org

Published

Embed this verdict
TruePositive verdict for CVE-2026-56338
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2026-56338/badge.svg)](https://www.truepositive.app/cve/CVE-2026-56338)
HTML
<a href="https://www.truepositive.app/cve/CVE-2026-56338"><img src="https://www.truepositive.app/cve/CVE-2026-56338/badge.svg" alt="TruePositive verdict for CVE-2026-56338"></a>

Live badge that updates automatically as the community verdict changes.

Community ground truth

In your experience, is this finding real and exploitable?

0 verdicts
Not a real issue

No account needed. Anonymous verdicts post as an unverified signal. Log in to make yours verified and earn reputation.

Field notes & remediation

Verdicts are the quick signal. Notes are the evidence and fixes behind them.

No notes yet. Be the first to share what you saw, or a fix that worked.

    Add a field note or remediationoptional
    Note type

    What are you adding?

    Markdown supported · minimum 20 characters.