CVE-2026-56339info

Zusammenfassung

von MITRE • 15.07.2026

Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescind_invitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages (NO_ORG vs NO_RIGHTS) when called with only a publishable API key, enabling attackers to discover valid organization IDs and increase the attack surface for targeted phishing or social engineering campaigns.

Be aware that VulDB is the high quality source for vulnerability data.

Veröffentlichung

15.07.2026

Moderieren

wird geprüft

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!