CVE-2026-56314
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
Capgo before 12.128.12 fails to filter deleted app versions when joining channels during updates resolution, allowing deleted bundles to remain selectable.
Risk Assessment
Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.
Recommendation
It is recommended to upgrade to Capgo version 12.128.12 or later to mitigate this vulnerability.
Original NVD description (English source)
Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.

