PT-2026-57169 · Cap Go · Cap-Go
Judel777
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-56279
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Capgo before 12.128.2 contains an information disclosure vulnerability in the get orgs v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go