Tag
CVE-2026-56226 details a high-severity vulnerability in Capgo versions prior to 12.128.2 that exposes a Supabase PostgREST RPC function, `public.get_orgs_v6`, to unauthenticated attackers, allowing them to retrieve sensitive user organization membership and PII by supplying an arbitrary user UUID.