PatchSiren cyber security CVE debrief
CVE-2026-56279 Capgo CVE debrief
CVE-2026-56279 is an information disclosure vulnerability in Capgo before 12.128.2. The vulnerability is located in the get_orgs_v7(userid) RPC function, which remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata. This vulnerability allows unauthorized access to sensitive information, potentially leading to further exploitation.
- Vendor
- Capgo
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Capgo before version 12.128.2 should be aware of this vulnerability and take steps to mitigate it. This vulnerability allows unauthenticated attackers to access sensitive information about other users' organization membership and roles, potentially leading to further exploitation.
Technical summary
The get_orgs_v7(userid) RPC function in Capgo before 12.128.2 does not properly enforce private access controls, allowing unauthenticated attackers to retrieve sensitive information about other users' organization membership, roles, management emails, and billing metadata by supplying arbitrary user UUIDs. This vulnerability allows unauthorized access to sensitive information, potentially leading to further exploitation.
Defensive priority
High
Recommended defensive actions
- Update Capgo to version 12.128.2 or later
- Restrict access to the get_orgs_v7(userid) RPC function
- Monitor for suspicious activity related to this vulnerability
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-10T15:16:42.157Z and has not been modified since then. The NVD entry is currently Deferred. The information disclosure vulnerability in Capgo before 12.128.2 is located in the get_orgs_v7(userid) RPC function, which remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata. Evidence is limited to CVE and NVD details.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:42.157Z and has not been modified since then. The NVD entry is currently Deferred.