PatchSiren cyber security CVE debrief
CVE-2026-53982 Cap-go CVE debrief
CVE-2026-53982 is a high-severity denial-of-service vulnerability in Cap-go Console < 12.28.2. The vulnerability allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to be redirected to an account-disabled page for approximately 30 days, preventing any account login or registration from that device. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity.
- Vendor: Cap-go
- Product: capgo
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-13
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-13
Who should care
Users of Cap-go Console versions prior to 12.28.2 should apply the patch to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by the incorrect association of the deletion state with the device identifier in the account deletion flow of Cap-go Console. This allows an attacker to trigger account deletion while a device identifier is linked to the active session, resulting in a denial-of-service condition.
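The flaw class described above, as a simplified model added here for illustration (it is not Cap-go's code): a pending-deletion marker keyed by device identifier blocks every account on that device, while one keyed by account does not. All class, function and identifier names are hypothetical, and the 30-day window is the approximate figure from the advisory.

```typescript
// Simplified model of the flaw class, not Cap-go code; all names are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;
const RETENTION_MS = 30 * DAY_MS; // "approximately 30 days" per the advisory

interface Session { accountId: string; deviceId: string; }
interface DeletionStore {
  requestDeletion(s: Session, now: number): void;
  isBlocked(s: Session, now: number): boolean; // gate for login and registration
}

// Flawed design: the pending-deletion marker is keyed by the device identifier,
// so it outlives the account and applies to anyone using that device.
class DeviceKeyedStore implements DeletionStore {
  private pending: Record<string, number> = {}; // deviceId -> expiry (ms)
  requestDeletion(s: Session, now: number): void {
    this.pending[s.deviceId] = now + RETENTION_MS;
  }
  isBlocked(s: Session, now: number): boolean {
    return (this.pending[s.deviceId] || 0) > now;
  }
}

// Corrected design: the marker is keyed by the account only.
class AccountKeyedStore implements DeletionStore {
  private pending: Record<string, number> = {}; // accountId -> expiry (ms)
  requestDeletion(s: Session, now: number): void {
    this.pending[s.accountId] = now + RETENTION_MS;
  }
  isBlocked(s: Session, now: number): boolean {
    return (this.pending[s.accountId] || 0) > now;
  }
}

// Constructed sample sessions: two accounts sharing one device.
const deleted: Session = { accountId: "acct-A", deviceId: "dev-1" };
const bystander: Session = { accountId: "acct-B", deviceId: "dev-1" };

// Regression check: after acct-A requests deletion, is the given session
// blocked `daysLater` days afterwards?
function blockedAfterDeletion(store: DeletionStore, who: Session, daysLater: number): boolean {
  store.requestDeletion(deleted, 0);
  return store.isBlocked(who, daysLater * DAY_MS);
}
```

A check of this shape on the login and registration gate, run with two accounts on one device, confirms after upgrading that deletion state no longer leaks across accounts.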
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Cap-go Console to version 12.28.2 or later.
- Review and update security configurations to prevent exploitation of this vulnerability.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4], [ref-5], and [ref-6].
Official resources
CVE-2026-53982 was published on 2026-06-12T17:16:26.727Z and modified on 2026-06-13T13:16:21.490Z.