Loading market data...
← Back to CVE feed

CVE-2026-56253

HIGH CVSS 7.5 View on NVD ↗

Description

Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sb_publishable_* key and an organization UUID to retrieve sensitive member information including email addresses, user IDs, roles, and pending invitations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: Jun 21, 2026 14:16 UTC Modified: Jun 21, 2026 14:16 UTC