PT-2026-51409 · Cap Go · Cap-Go

Judel777

Published

2026-06-22

Updated

2026-06-22

CVE-2026-56314

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app versions.deleted filter in channel version joins.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672

Related Identifiers

CVE-2026-56314

Affected Products

Cap-Go

PT-2026-51409 · Cap Go · Cap-Go

CVE-2026-56314

Weakness Enumeration

Related Identifiers

Affected Products

References · 3