Information Disclosure Vulnerability in Capgo Product by Capgo
CVE-2026-56327

6.9MEDIUM

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56327?

Capgo versions prior to 12.128.2 have a vulnerability in the public.invite_user_to_org RPC function, allowing unauthenticated attackers to discover the existence of organizations. By leveraging distinct error responses, such as NO_ORG and NO_RIGHTS, attackers can execute tenant enumeration attacks using a publishable API key. This exposure poses a significant risk as it enables potential attackers to gather sensitive information about organizations associated with the affected Capgo product.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.