Information Disclosure Vulnerability in Capgo by Capgo
CVE-2026-56318
6.9MEDIUM
What is CVE-2026-56318?
The Capgo application prior to version 12.128.2 has an information disclosure issue in the /private/validate_password_compliance endpoint. This vulnerability allows unauthenticated attackers to exploit variations in response error messages to distinguish between malformed, non-existent, and existing organization IDs. By carefully assessing the status codes returned by the endpoint, attackers can enumerate and confirm the existence of valid organization UUIDs, potentially leading to further attacks or unauthorized access to sensitive information.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
