Back to CVE List

CVE-2026-56073

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Vulnerability Description

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful, enabling unauthorized 2FA enablement and account takeover.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-345
Source
NVD
Vendor
Cap-go
Product
capgo

External References

Discussion (0)

Add Comment

No comments yet. Be the first!