{"vulnerability": "cve-2026-56073", "sightings": [{"uuid": "64e3fa8f-31ef-4b71-8bf6-325c4f08b3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moohtqinc627", "content": "CVE-2026-56073 - Cap-go - OTP Bypass via Response Manipulation in Email Verification\nCVE ID : CVE-2026-56073\n \n Published : June 19, 2026, 9:39 p.m. | 1\u00a0hour, 30\u00a0minutes ago\n \n Description : Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verifica...", "creation_timestamp": "2026-06-19T23:14:13.486897Z"}, {"uuid": "c2c38aa7-3412-46e3-9849-74827f058f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116780199172553168", "content": "CVE-2026-56073 (CRITICAL) affects Cap-go capgo <12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA & take over accounts. No patch yet \u2014 monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec", "creation_timestamp": "2026-06-20T03:00:27.713564Z"}, {"uuid": "bdb6f574-09db-4040-be0d-8efc1512d522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moouic4kvn2u", "content": "Cap-go capgo (<12.128.2) hit by CRITICAL CVE-2026-56073: OTP auth bypass lets attackers enable 2FA & take over accounts. No patch \u2014 monitor vendor channels for updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Security", "creation_timestamp": "2026-06-20T03:00:28.714462Z"}, {"uuid": "4c59b0fb-700f-4a87-a253-6d7153d54cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mop3ix2tpp2z", "content": "Daily IT Security Digest \u2014 2026-06-20\nCVE-2026-56073 (CRITICAL) allows OTP bypass through insufficient data authenticity checks, enabling attackers to activate two-factor authentication and take over accounts. EUVD-2026-38100 (8.7) and EUVD-2026-38099 (6.9) involve information disclosure via", "creation_timestamp": "2026-06-20T05:06:06.409474Z"}, {"uuid": "50e46777-b304-4f79-9e9b-3641a6407f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mopbujmpzo2r", "content": "Cap-go 12.128.2\u672a\u6e80\u306eOTP\u8a8d\u8a3c\u306b\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u306f\u30e1\u30fc\u30eb\u691c\u8a3c\u3092\u8fc2\u56de\u3057\u30012FA\u4e0d\u6b63\u6709\u52b9\u5316\u3084\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u304c\u53ef\u80fd\u3002\nCVE-2026-56073 CVSS 9.4 | CRITICAL", "creation_timestamp": "2026-06-20T06:59:57.193692Z"}]}