CVE Catalog

CVE-2026-56314

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during updates resolution, allowing deleted bundles to remain selectable.

Risk Assessment

Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.

Recommendation

It is recommended to upgrade to Capgo version 12.128.12 or later to mitigate this vulnerability.

Original NVD description (English source)

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS