All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56318
MEDIUMpublished 2026-06-30 23:17 UTC · 4 days ago · modified 2026-07-01 14:16 UTC
6.9
CVSS / 10
// description
Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages, allowing confirmation of organization existence.
// weaknesses (CWE)
- CWE-200