Integrity Issue in Capgo by Capgo with Multiple Public Channels
CVE-2026-56328

7.1HIGH

Key Information:

Vendor

Capgo

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56328?

The vulnerability in Capgo allows multiple public channels for the same application and platform to operate concurrently. When unnamed update requests are made without specifying a default channel, it results in an implicit resolution to a single hidden channel. This can lead to authorized users manipulating the update state ambiguously, affecting which application bundle is served to unnamed clients. This compromises the integrity and predictability of the release routing process, potentially exposing applications to inconsistent updates and increased security risks.

Affected Version(s)

Capgo 0 < 12.128.2

Capgo 12.128.2

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Judel777
.