Product
A vulnerability, CVE-2026-56254, in @capgo/capacitor-updater (Cap-go/capgo) before version 12.128.2 allows an attacker to create and distribute validly signed malicious application updates by leveraging the improper distribution of a private key to each client device, enabling man-in-the-middle or server compromise scenarios.