CVE-2026-56222 - Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings
CVE ID :CVE-2026-56222 Published : June 23, 2026, 12:12 p.m. | 57 minutes ago Description :Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with...