A vulnerability was found in capgo up to 12.128.1. It has been declared as problematic. This impacts the function
get_orgs_v6 of the file /rest/v1/rpc/get_orgs_v6 of the component PostgREST RPC Handler. Executing a manipulation of the argument userid can lead to improper authentication.
This vulnerability appears as CVE-2026-56226. The attack may be performed from remote. There is no available exploit.