Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-56327

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jun 30, 2026
Vendor unknown

Description

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.

References