Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cap-go
Cap-go cap-go |
|
| Vendors & Products |
Cap-go
Cap-go cap-go |
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks. | |
| Title | Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC | |
| Weaknesses | CWE-203 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-01T13:19:13.085Z
Reserved: 2026-06-20T13:06:29.994Z
Link: CVE-2026-56327
Updated: 2026-07-01T13:17:19.333Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T09:15:15Z