CVE-2026-56073
CriticalCVSS 9.4Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Cap-go before version 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful.
Risk Assessment
This vulnerability poses a risk of unauthorized 2FA enablement and account takeover, potentially leading to serious data security breaches.
Recommendation
It is recommended to upgrade to Cap-go version 12.128.2 or later to eliminate this vulnerability and implement additional security measures to monitor and protect against OTP verification attacks.
Original NVD description (English source)
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful, enabling unauthorized 2FA enablement and account takeover.

