Unauthenticated API Vulnerability in Capgo Software
CVE-2026-56300
8.7HIGH
What is CVE-2026-56300?
Capgo software versions prior to 12.128.2 are affected by a significant vulnerability that permits unauthenticated attackers to exploit security context functions. These include the get_user_id and get_org_perm_for_apikey RPC functions, which can leak API key validity and user UUID information. Attackers utilizing public API keys are able to exploit this flaw to validate exposed keys, enumerate users, and ascertain permission levels, thereby enhancing their ability to act on compromised credentials.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
