PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56299 Capgo CVE debrief

CVE-2026-56299 is a medium-severity authentication bypass vulnerability in Capgo before 12.128.2. The issue allows unauthenticated attackers to send OPTIONS requests to the /build/upload/:jobId/* endpoint, bypassing authentication middleware and invoking tusProxy logic with invalid credentials. This enables trivial request flooding and denial of service (DoS) attacks. The vulnerability has a CVSS score of 6.9 and was published on June 21, 2026.

Vendor
Capgo
Product
Unknown
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-21
Original CVE updated
2026-06-22
Advisory published
2026-06-21
Advisory updated
2026-06-22

Who should care

Organizations using Capgo versions before 12.128.2 should prioritize patching this vulnerability to prevent potential DoS attacks. Security teams and administrators responsible for Capgo deployments should review the official advisories and implement the recommended fixes.

Technical summary

The vulnerability exists in the /build/upload/:jobId/* endpoint of Capgo, where an unauthenticated attacker can send an OPTIONS request to bypass authentication middleware. This allows the attacker to invoke tusProxy logic with invalid credentials, leading to consistent 500 errors and potential DoS conditions. The issue is classified under CWE-306 and has a CVSS vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
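As an added illustration, not Capgo's code, the weak pattern the summary describes (auth middleware that exempts OPTIONS while the route still forwards every method to the proxy) beside a hardened handler that answers the preflight before any proxy logic runs. The `checkAuth`, `tusProxy` stand-in, route regex and token format are hypothetical; only the endpoint shape and the OPTIONS/500 behaviour come from the debrief.

```javascript
// Hypothetical stand-in for the described pattern; requests and responses are plain objects.
const UPLOAD_ROUTE = /^\/build\/upload\/([^/]+)\/.*$/; // mirrors /build/upload/:jobId/*

// Hypothetical credential check: any bearer token starting with "valid-" is accepted.
function checkAuth(req) {
  const token = (req.headers.authorization || '').replace(/^Bearer /, '');
  return token.startsWith('valid-');
}

// Stand-in for proxy logic that assumes it only ever sees authenticated requests.
// Handed missing or garbage credentials it fails hard: the "consistent 500" in the debrief.
function tusProxy(req) {
  if (!checkAuth(req)) return { status: 500, body: 'upstream auth error' };
  return { status: 200, body: `proxied ${req.method} for job ${req.params.jobId}` };
}

// Weak: OPTIONS skips the auth check (a common CORS shortcut), but the route is
// registered for all methods, so an unauthenticated OPTIONS still reaches tusProxy.
function handleWeak(req) {
  const m = UPLOAD_ROUTE.exec(req.path);
  if (!m) return { status: 404, body: 'not found' };
  req.params = { jobId: m[1] };
  if (req.method !== 'OPTIONS' && !checkAuth(req)) return { status: 401, body: 'unauthorized' };
  return tusProxy(req);
}

// Hardened: the preflight is answered directly and never reaches the proxy;
// every other method must pass authentication before any upstream work happens.
function handleHardened(req) {
  const m = UPLOAD_ROUTE.exec(req.path);
  if (!m) return { status: 404, body: 'not found' };
  req.params = { jobId: m[1] };
  if (req.method === 'OPTIONS') {
    return { status: 204, body: '', headers: { 'Access-Control-Allow-Methods': 'POST, PATCH, HEAD' } };
  }
  if (!checkAuth(req)) return { status: 401, body: 'unauthorized' };
  return tusProxy(req);
}

// Constructed sample: an unauthenticated OPTIONS request to the upload endpoint.
const preflight = () => ({ method: 'OPTIONS', path: '/build/upload/job-123/file.bin', headers: {} });
console.log('weak:', handleWeak(preflight()).status);         // 500, proxy reached without credentials
console.log('hardened:', handleHardened(preflight()).status); // 204, preflight answered before the proxy
```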

Defensive priority

Medium priority: the impact is limited to DoS, reflected in the CVSS score of 6.9.

Recommended defensive actions

  • Inventory Capgo deployments to identify affected versions
  • Review official advisories for patching guidance
  • Implement vendor-supported remediation
  • Review compensating controls for unauthenticated requests
  • Monitor for suspicious OPTIONS requests
  • Track exceptions for /build/upload/:jobId/* endpoint usage

Evidence notes

The primary evidence for this vulnerability comes from the NVD and CVE.org records. The vulnerability affects Capgo versions before 12.128.2. The CVE record and NVD detail provide the basis for this debrief. Defenders should verify the official CVE record and NVD detail for the most up-to-date information.

Official resources

This article is AI-assisted and based on the supplied source corpus.