CVE-2026-56299

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2

Description An authentication bypass exists in the '/build/upload/:jobId/*' endpoint. Unauthenticated remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic using invalid credentials. This allows the attacker to trigger consistent 500 errors, enabling request flooding and a denial of service (DoS), which is a condition where a system becomes unavailable to its intended users.

Recommendations Update to version 12.128.2 or later.