Information Disclosure Vulnerability in Capgo by Capgo
CVE-2026-56318

6.9MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56318?

The Capgo application prior to version 12.128.2 has an information disclosure issue in the /private/validate_password_compliance endpoint. This vulnerability allows unauthenticated attackers to exploit variations in response error messages to distinguish between malformed, non-existent, and existing organization IDs. By carefully assessing the status codes returned by the endpoint, attackers can enumerate and confirm the existence of valid organization UUIDs, potentially leading to further attacks or unauthorized access to sensitive information.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.