CVE-2026-56214 – Capgo – Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC

CVE ID :CVE-2026-56214

Published : June 20, 2026, 12:14 a.m. | 1 hour, 28 minutes ago

Description :Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sb_publishable key. Attackers can invoke these endpoints to determine organization existence via distinguishable return values and identify paying customers for targeted profiling.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…