PT-2026-51778 · Cap Go · Cap-Go

Judel777 · Published 2026-06-24 · Updated 2026-06-24 · CVE-2026-56310

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Cap-Go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass their "limited to orgs" restrictions. An attacker holding an org-limited API key can read membership data, including uid, email, image url, role, and is tmp, from organizations outside the key's assigned scope.

Fix

Improper Authorization


Weakness Enumeration

Related Identifiers

CVE-2026-56310

Affected Products

Cap-Go