{"vulnerability": "cve-2026-56073", "sightings": [{"uuid": "64e3fa8f-31ef-4b71-8bf6-325c4f08b3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moohtqinc627", "content": "CVE-2026-56073 - Cap-go - OTP Bypass via Response Manipulation in Email Verification\nCVE ID : CVE-2026-56073\n \n Published : June 19, 2026, 9:39 p.m. | 1\u00a0hour, 30\u00a0minutes ago\n \n Description : Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verifica...", "creation_timestamp": "2026-06-19T23:14:13.486897Z"}, {"uuid": "c2c38aa7-3412-46e3-9849-74827f058f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116780199172553168", "content": "CVE-2026-56073 (CRITICAL) affects Cap-go capgo <12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA & take over accounts. No patch yet \u2014 monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec", "creation_timestamp": "2026-06-20T03:00:27.713564Z"}, {"uuid": "bdb6f574-09db-4040-be0d-8efc1512d522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moouic4kvn2u", "content": "Cap-go capgo (<12.128.2) hit by CRITICAL CVE-2026-56073: OTP auth bypass lets attackers enable 2FA & take over accounts. No patch \u2014 monitor vendor channels for updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Security", "creation_timestamp": "2026-06-20T03:00:28.714462Z"}, {"uuid": "4c59b0fb-700f-4a87-a253-6d7153d54cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mop3ix2tpp2z", "content": "Daily IT Security Digest \u2014 2026-06-20\nCVE-2026-56073 (CRITICAL) allows OTP bypass through insufficient data authenticity checks, enabling attackers to activate two-factor authentication and take over accounts. EUVD-2026-38100 (8.7) and EUVD-2026-38099 (6.9) involve information disclosure via", "creation_timestamp": "2026-06-20T05:06:06.409474Z"}, {"uuid": "50e46777-b304-4f79-9e9b-3641a6407f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mopbujmpzo2r", "content": "Cap-go 12.128.2\u672a\u6e80\u306eOTP\u8a8d\u8a3c\u306b\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u306f\u30e1\u30fc\u30eb\u691c\u8a3c\u3092\u8fc2\u56de\u3057\u30012FA\u4e0d\u6b63\u6709\u52b9\u5316\u3084\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u304c\u53ef\u80fd\u3002\nCVE-2026-56073 CVSS 9.4 | CRITICAL", "creation_timestamp": "2026-06-20T06:59:57.193692Z"}, {"uuid": "72323327-b4a6-40b3-8535-ac2e173677f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn57zsyx2v", "content": "\ud83d\udea8  ALERT: CVE-2026-56073\n\nCVSS 9.4/10\n\n\ud83d\udccb WHAT IT IS:\nCap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP resp", "creation_timestamp": "2026-06-22T00:32:19.300425Z"}]}