CVE-2026-53982

CVE-2026-53982 is a medium-severity vulnerability with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-645.

Key facts

Description

Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to be redirected to an account-disabled page for approximately 30 days, preventing any account login or registration from that device.

Frequently asked questions

What is CVE-2026-53982?
Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the deletion state with the device identifier, causing the affected device or browser environment to be redirected to an account-disabled page for approximately 30 days, preventing any account login or registration from that device.
How severe is CVE-2026-53982?
CVE-2026-53982 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2026-53982 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (25th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2026-53982?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-53982 have an EU (EUVD) identifier?
Yes. CVE-2026-53982 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-36505.
When was CVE-2026-53982 published?
CVE-2026-53982 was published on 2026-06-12 and last updated on 2026-06-17.

References

Other CWE-645 vulnerabilities

Browse all CWE-645 vulnerabilities →