CVE-2026-56238 Capgo - Unauthenticated Information Disclosure via PostgREST global_stats Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST globalstats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/globalstats endpoin...