CVE Catalog

CVE-2026-56299

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors.

Risk Assessment

Remote attackers can send OPTIONS requests to bypass authentication middleware, enabling trivial request flooding and denial of service.

Recommendation

It is recommended to upgrade to version 12.128.2 or later to mitigate this vulnerability and implement additional safeguards against denial of service attacks.

Original NVD description (English source)

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid credentials, enabling trivial request flooding and denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS