CVE-2026-56313

Capgo · Capgo

Capgo is affected by an improper authorization vulnerability that allows an authenticated user to disrupt cross-organization accounts via the SSO prelink endpoint.

Executive summary

An authorization flaw in Capgo allows an authenticated user to perform unauthorized actions across organization boundaries, posing a significant risk to multi-tenant data integrity.

Vulnerability

The application fails to properly enforce authorization checks (CWE-285) within the SSO prelink endpoint. An authenticated user with low privileges can manipulate this endpoint to disrupt accounts belonging to other organizations.

Business impact

This vulnerability enables cross-organization account disruption, which could lead to significant operational downtime, data integrity issues, and a loss of trust in the platform's multi-tenant isolation. With a CVSS score of 8.1, the potential for unauthorized administrative-level impact on other users' accounts makes this a high-priority remediation.

Remediation

Immediate Action: Update the Capgo platform to version 12.128.2 or later immediately.

Proactive Monitoring: Audit logs for any anomalous activity involving the SSO prelink endpoint, specifically looking for requests that reference identifiers outside of the authenticated user's organization.

Compensating Controls: If immediate patching is not possible, temporarily disable or restrict access to the SSO prelink functionality if it is not business-critical.

Exploitation status

Public Exploit Available: No (unknown)

Analyst recommendation

Organizations using Capgo must prioritize this update to maintain tenant isolation and prevent account disruption. Administrators should verify that the patch is correctly applied and that no unauthorized account modifications have occurred prior to the update.