PT-2026-60114 · Cap Go · Cap-Go

Judel777

·

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-56339

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescind invitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages (NO ORG vs NO RIGHTS) when called with only a publishable API key, enabling attackers to discover valid organization IDs and increase the attack surface for targeted phishing or social engineering campaigns.

Correção

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56339

Produtos afetados

Cap-Go