CVE-2026-56254 in capacitor-updater정보

요약

\~에 의해 MITRE • 2026. 07. 10.

In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo server can create a validly signed update bundle and cause devices to install an update not produced by the original app maker.

Be aware that VulDB is the high quality source for vulnerability data.

책임이 있는

VulnCheck

예약하다

2026. 06. 19.

모더레이션

수락

항목

VDB-377489

EPSS

0.00000

출처

Do you need the next level of professionalism?

Upgrade your account now!