CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-56219

highCVSS 7.5covered by 1 sourcefirst seen 2026-06-30
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose organization membership, roles, and email addresses via the PostgREST RPC endpoint using only a public API key.

⚡ Watch CVE-2026-56219

Get an email if CVE-2026-56219 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-56219

CVE.org record

Embed the live status

CVE-2026-56219 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-56219 status](https://www.csirts.com/badge/CVE-2026-56219)](https://www.csirts.com/cve/CVE-2026-56219)