CVE-2026-56330 – Capgo – Open Redirect via Unvalidated Stripe Billing URLs

CVE ID :CVE-2026-56330

Published : June 20, 2026, 3:24 p.m. | 2 hours, 18 minutes ago

Description :Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and credential harvesting.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…