GHSA-f8rq-8r29-248pHighCVSS 7.5

Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid)...

Published
July 10, 2026
Last Modified
July 10, 2026

🔗 CVE IDs covered (1)

📋 Description

Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata.

🔗 References (4)