PT-2026-57556 · Cap Go · Cap-Go
Offset
·
Published
2026-07-12
·
Updated
2026-07-12
·
CVE-2026-56336
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Capgo versions prior to 12.128.2
Description
An information disclosure issue exists in the unauthenticated '/private/sso/check-domain' endpoint. The endpoint returns internal
org id and provider id values, allowing attackers to enumerate email domains to create mappings of domains to organization UUIDs and SSO provider identifiers for reconnaissance against tenants.Recommendations
Update to version 12.128.2 or later.
Restrict access to the '/private/sso/check-domain' endpoint to minimize the risk of information disclosure.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go