Information Disclosure Vulnerability in Capgo by Capgo
CVE-2026-56336
6.9MEDIUM
What is CVE-2026-56336?
The software Capgo, prior to version 12.128.2, is susceptible to an information disclosure issue at the unauthenticated /private/sso/check-domain endpoint. This vulnerability allows attackers to retrieve internal organization identifiers and SSO provider details, which can be used to enumerate email domains and create mappings between them and organization UUIDs. This poses significant risks to Capgo tenants by enabling attackers to perform reconnaissance activities more effectively.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
