Loading market data...
← Back to CVE feed

CVE-2026-56328

MEDIUM CVSS 6.5 View on NVD ↗

Description

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Published: Jun 30, 2026 23:17 UTC Modified: Jul 01, 2026 16:16 UTC