EUVD-2026-38094

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

CVE-2026-56080

Capgo before 12.128.2 has an Enforce Password Policy flaw: after a Super Admin enables the policy and sets a compliant password, the backend does not update the password‑compliance state, so the account remains non‑compliant and the system repeatedly prompts for password resets, effectively locki...