CVE-2026-56219
Capgo before 12.128.2 contains a NULL-auth bypass in public.get_org_user_access_rbac that allows unauthenticated attackers to disclose RBAC role bindings and member email addresses. The issue arises from improper NULL comparison in the authorization gate, enabling disclosure of organization membe...