A vulnerability described as problematic has been identified in Cap-go up to 12.128.1. Affected is the function
transfer_app of the component RPC. Such manipulation of the argument app leads to information disclosure.
This vulnerability is documented as CVE-2026-56296. The attack can be executed remotely. There is not any exploit available.