Information Disclosure Vulnerability in Capgo by Capgo
CVE-2026-56279

8.7HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56279?

Capgo before version 12.128.2 is vulnerable to an information disclosure issue in the get_orgs_v7(userid) RPC function, which is publicly accessible despite intended safeguards. This flaw allows unauthenticated attackers to exploit arbitrary user UUIDs, enabling them to fetch sensitive information including foreign users' organization memberships, roles, management emails, and billing metadata, ultimately compromising the confidentiality of user data.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.