PT-2026-51226 · Cap Go · Cap-Go
Judel777
·
Published
2026-06-21
·
Updated
2026-06-21
·
CVE-2026-56316
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cap-go versions prior to 12.128.2
Description
An information disclosure issue exists in the 'OPTIONS /build/upload/:jobId/*' endpoint. Unauthenticated attackers can enumerate valid builder job IDs by observing response discrepancies. This allows attackers to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic, leading to resource consumption. The vulnerable variable is
jobId.Recommendations
Update to version 12.128.2 or later.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cap-Go