PT-2026-51036 · Cap Go · Cap-Go
Nancyhunter191 · Published 2026-06-19 · Updated 2026-06-19 · CVE-2026-56073
| CVSS v3.1 | 9.4 (Critical) |
| --- | --- |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Cap-Go versions prior to 12.128.2
Description
An authentication bypass exists in the OTP (One-Time Password) verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that verification was successful. This allows for the unauthorized enablement of two-factor authentication (2FA) and subsequent account takeover.
Recommendations
Update to version 12.128.2 or later.
Fix
Insufficient Verification of Data Authenticity
Affected Products
Cap-Go