Information Disclosure in Capgo Product by Leading Vendor
CVE-2026-56238
8.7HIGH
What is CVE-2026-56238?
Capgo versions prior to 12.128.2 are susceptible to an information disclosure vulnerability affecting the Supabase PostgREST global_stats endpoint. This vulnerability enables unauthenticated attackers to exploit the endpoint using only a public API key, allowing them to access sensitive data such as monthly recurring revenue (MRR), total revenue figures, revenue breakdown by plan tier, customer counts, and operational telemetry metrics. The exposure of such sensitive financial and operational information can significantly impact the security posture of organizations utilizing this software.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
