PT-2026-57169 · Cap Go · Cap-Go

Judel777

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-56279

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Capgo before 12.128.2 contains an information disclosure vulnerability in the get orgs v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56279

Affected Products

Cap-Go