ГлавнаяУязвимости → CVE-2026-56238
7.5высокая

CVE-2026-56238

Описание

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global_stats endpoint to expose MRR, total revenue, plan-tier revenue breakdown, customer counts, and operational telemetry.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/Cap-go/capgo/security/advisories/GHSA-73rv-fpp7-r3r4https://www.vulncheck.com/advisories/capgo-unauthenticated-information-disclosure-via-postgrest-global-stats-endpointhttps://github.com/Cap-go/capgo/security/advisories/GHSA-73rv-fpp7-r3r4