Product
An information disclosure vulnerability (CVE-2026-56238) in Capgo before 12.128.2's Supabase PostgREST global_stats endpoint allows unauthenticated attackers to retrieve sensitive financial and operational metrics using a public API key.