Integrity Issue in Capgo by Capgo with Multiple Public Channels
CVE-2026-56328
7.1HIGH
What is CVE-2026-56328?
The vulnerability in Capgo allows multiple public channels for the same application and platform to operate concurrently. When unnamed update requests are made without specifying a default channel, it results in an implicit resolution to a single hidden channel. This can lead to authorized users manipulating the update state ambiguously, affecting which application bundle is served to unnamed clients. This compromises the integrity and predictability of the release routing process, potentially exposing applications to inconsistent updates and increased security risks.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
