CVE-2026-53982 is a high-severity denial-of-service vulnerability in Cap-go Console < 12.28.2. The vulnerability allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to [truncated]
CVE-2026-53981 is a HIGH severity vulnerability in Cap-go prior to 12.128.2. The vulnerability exists in the email change mechanism, allowing an attacker with temporary authenticated session access to change the registered email address without re-authentication, such as password or MFA verification. This enables attackers to redirect verification to an attacker-controlled email address and subsequently p [truncated]
