Information Disclosure Vulnerability in Capgo Product by Capgo
CVE-2026-56327
6.9MEDIUM
What is CVE-2026-56327?
Capgo versions prior to 12.128.2 have a vulnerability in the public.invite_user_to_org RPC function, allowing unauthenticated attackers to discover the existence of organizations. By leveraging distinct error responses, such as NO_ORG and NO_RIGHTS, attackers can execute tenant enumeration attacks using a publishable API key. This exposure poses a significant risk as it enables potential attackers to gather sensitive information about organizations associated with the affected Capgo product.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
