CVE-2026-56336
EUVD-2026-4323212.07.2026, 12:16
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers, enabling reconnaissance against Capgo tenants.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration