CVE Catalog

CVE-2026-56073

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

Cap-go before version 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful.

Risk Assessment

This vulnerability poses a risk of unauthorized 2FA enablement and account takeover, potentially leading to serious data security breaches.

Recommendation

It is recommended to upgrade to Cap-go version 12.128.2 or later to eliminate this vulnerability and implement additional security measures to monitor and protect against OTP verification attacks.

Original NVD description (English source)

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful, enabling unauthorized 2FA enablement and account takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS