Is CVE-2026-56314 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-56314?

CVE-2026-56314 has a CVSS v3 severity of HIGH (7.1).

Back

CVE-2026-56314

Description

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.