CVE-2026-56073

Source
https://cve.org/CVERecord?id=CVE-2026-56073
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56073.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56073
Aliases
  • GHSA-x2gq-85v8-j9v4
Published
2026-06-19T21:39:18.855Z
Modified
2026-07-08T08:57:33.621377351Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Cap-go - OTP Bypass via Response Manipulation in Email Verification
Details

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful, enabling unauthorized 2FA enablement and account takeover.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56073.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-345"
    ]
}
References

Affected packages

Git / github.com/cap-go/capgo

Affected ranges

Type
GIT
Repo
https://github.com/cap-go/capgo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.128.2"
        }
    ]
}

Affected versions

0.*
0.1.6
0.1.8
0.11.0
0.14.0
0.14.2
0.14.5
0.14.6
0.15.1
0.16.0
0.16.1
0.16.3
0.18.2
0.19.0
0.20.1
0.20.2
0.23.0
0.24.1
0.26.0
0.26.1
0.29.1
0.29.5
0.3.1
0.30.12
0.30.12-alpha.1
0.30.19
0.30.2
0.30.5-alpha.4
0.30.6-alpha.0
0.30.6-alpha.2
0.30.8-alpha.0
0.30.8-alpha.1
0.30.8-alpha.4
0.30.9-alpha.0
0.30.9-alpha.10
0.30.9-alpha.15
0.30.9-alpha.16
0.30.9-alpha.3
0.30.9-alpha.6
0.30.9-alpha.9
0.6.1
1.*
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.1
1.13.11
1.13.12
1.13.13
1.13.3
1.13.4
1.13.5
1.14.4
1.14.6
1.16.0-alpha.0
1.16.1-alpha.0
1.16.3-alpha.0
1.17.0
1.17.0-alpha.0
1.17.0-alpha.1
1.18.0
1.18.1
1.18.10
1.18.16
1.18.2
1.18.24
1.18.26
1.18.28
1.18.33
1.18.36
1.18.4
1.18.5
1.18.8
1.18.9
1.19.3
1.19.4
1.19.5
1.20.0
1.20.1
1.20.2
1.20.3
1.21.0
1.21.10
1.21.11
1.21.19
1.21.23
1.21.25
1.21.6
1.21.7
1.21.8
1.21.9
1.22.1
1.22.2
1.23.0
1.23.1
1.24.0
1.24.1
1.24.10
1.24.16
1.24.17
1.24.18
1.24.2
1.24.3
1.25.14
1.25.2
1.25.6
1.25.7
1.26.1
1.26.2
1.27.0
1.27.1
1.27.2
1.27.3
1.27.6
1.28.3
1.31.1
1.31.3
1.31.4
1.33.3
1.34.0
1.35.0
1.35.1
1.36.12
1.36.15
1.36.22
1.36.24
1.36.25
1.36.4
1.36.41
1.36.49
1.36.7
1.36.8
1.37.15
1.37.22
1.37.31
1.37.5
1.39.0
1.43.1
1.44.1
1.44.11
1.44.12
1.44.15
1.44.16
1.44.19
1.44.21
1.44.26
1.45.0
1.45.1
1.45.2
1.45.3
1.45.4
1.46.0
1.46.4
1.47.0
1.47.1
1.47.3
1.48.0
1.48.1
1.50.0
1.50.1
1.50.2
1.50.3
1.51.0
1.52.1
1.52.2
1.52.3
1.53.0
1.53.1
1.53.2
1.53.3
1.53.4
1.53.5
1.53.6
1.53.7
1.53.8
1.54.0
1.54.1
1.54.2
1.54.3
1.54.4
1.54.5
1.54.6
1.54.9
1.55.0
1.55.12
1.55.2
1.55.23
1.55.3
1.55.31
1.55.35
1.55.37
1.55.38
1.55.39
1.55.4
1.55.42
1.55.43
1.55.44
1.55.5
1.55.6
1.55.9
1.58.1
1.58.15
1.58.16
1.6.11
1.6.7
1.60.4
1.61.12
1.61.14
1.61.15
1.61.17
1.61.2
1.61.21
1.61.23
1.61.27
1.61.33
1.61.34
1.61.35
1.62.0
1.62.1
1.62.4
1.64.1
1.66.4
1.7.10
1.7.15
1.7.24
1.7.27
1.7.28
1.8.1
1.8.3
1.8.6
1.8.7-alpha.0
1.8.7-alpha.1
1.8.7-alpha.2
1.9.0-alpha.0
1.9.1
1.9.10
1.9.6
1.9.7
1.9.9
10.*
10.0.0
capgo-12.*
capgo-12.123.9
capgo-12.124.0
capgo-12.124.1
capgo-12.124.3
capgo-12.124.4
capgo-12.124.5
capgo-12.124.6
capgo-12.124.7
capgo-12.124.9
capgo-12.125.0
capgo-12.126.0
capgo-12.126.1
capgo-12.126.2
capgo-12.127.0
capgo-12.127.1
capgo-12.127.10
capgo-12.127.11
capgo-12.127.12
capgo-12.127.13
capgo-12.127.14
capgo-12.127.15
capgo-12.127.16
capgo-12.127.17
capgo-12.127.18
capgo-12.127.19
capgo-12.127.2
capgo-12.127.20
capgo-12.127.21
capgo-12.127.22
capgo-12.127.23
capgo-12.127.3
capgo-12.127.4
capgo-12.127.5
capgo-12.127.8
capgo-12.127.9
capgo-12.128.0
capgo-12.128.1
cli-7.*
cli-7.94.0
cli-7.94.1
cli-7.94.5
cli-7.94.6
cli-7.94.7
cli-7.94.8
cli-7.94.9
cli-7.95.0
cli-7.95.1
cli-7.95.10
cli-7.95.2
cli-7.95.3
cli-7.95.4
cli-7.95.5
cli-7.95.6
cli-7.95.7
cli-7.95.8
cli-7.95.9
v12.*
v12.100.0
v12.100.1
v12.100.10
v12.100.11
v12.100.12
v12.100.13
v12.100.14
v12.100.15
v12.100.3
v12.100.4
v12.100.5
v12.100.6
v12.100.7
v12.100.8
v12.100.9
v12.101.0
v12.101.1
v12.102.0
v12.102.1
v12.102.2
v12.102.3
v12.102.4
v12.102.6
v12.103.1
v12.104.2
v12.104.3
v12.105.0
v12.105.3
v12.105.4
v12.105.5
v12.105.6
v12.105.8
v12.105.9
v12.106.0
v12.106.1
v12.106.2
v12.107.0
v12.107.1
v12.107.10
v12.107.11
v12.107.19
v12.107.2
v12.107.20
v12.107.21
v12.107.22
v12.107.24
v12.107.26
v12.107.3
v12.107.4
v12.107.5
v12.107.6
v12.107.7
v12.107.8
v12.108.0
v12.108.1
v12.108.10
v12.108.11
v12.108.12
v12.108.13
v12.108.14
v12.108.15
v12.108.16
v12.108.17
v12.108.18
v12.108.19
v12.108.2
v12.108.3
v12.108.4
v12.108.5
v12.108.6
v12.108.7
v12.108.8
v12.108.9
v12.109.0
v12.109.1
v12.109.10
v12.109.11
v12.109.12
v12.109.13
v12.109.14
v12.109.15
v12.109.17
v12.109.2
v12.109.3
v12.109.4
v12.109.5
v12.109.6
v12.109.7
v12.109.8
v12.109.9
v12.110.0
v12.110.2
v12.110.3
v12.110.4
v12.110.5
v12.110.6
v12.111.1
v12.111.2
v12.111.3
v12.112.0
v12.112.1
v12.112.2
v12.112.3
v12.112.4
v12.112.5
v12.112.6
v12.113.0
v12.113.1
v12.113.2
v12.114.0
v12.114.1
v12.114.12
v12.114.2
v12.114.4
v12.114.6
v12.114.7
v12.114.9
v12.115.0
v12.115.2
v12.116.0
v12.116.1
v12.116.10
v12.116.11
v12.116.12
v12.116.13
v12.116.14
v12.116.15
v12.116.16
v12.116.17
v12.116.18
v12.116.19
v12.116.2
v12.116.20
v12.116.21
v12.116.22
v12.116.23
v12.116.24
v12.116.27
v12.116.28
v12.116.29
v12.116.3
v12.116.30
v12.116.33
v12.116.34
v12.116.39
v12.116.4
v12.116.40
v12.116.41
v12.116.45
v12.116.46
v12.116.47
v12.116.48
v12.116.49
v12.116.5
v12.116.50
v12.116.51
v12.116.52
v12.116.53
v12.116.54
v12.116.55
v12.116.56
v12.116.57
v12.116.58
v12.116.59
v12.116.6
v12.116.60
v12.116.61
v12.116.62
v12.116.63
v12.116.64
v12.116.65
v12.116.66
v12.116.67
v12.116.68
v12.116.69
v12.116.7
v12.116.70
v12.116.71
v12.116.72
v12.116.8
v12.116.9
v12.117.1
v12.117.2
v12.117.3
v12.117.4
v12.117.5
v12.117.6
v12.117.8
v12.118.0
v12.118.1
v12.118.2
v12.119.0
v12.119.10
v12.119.12
v12.119.13
v12.119.14
v12.119.15
v12.119.16
v12.119.17
v12.119.18
v12.119.19
v12.119.20
v12.119.21
v12.119.3
v12.119.4
v12.119.5
v12.119.6
v12.119.8
v12.119.9
v12.120.10
v12.120.11
v12.120.12
v12.120.13
v12.120.14
v12.120.15
v12.120.16
v12.120.19
v12.120.20
v12.120.4
v12.120.5
v12.120.6
v12.120.7
v12.120.8
v12.120.9
v12.121.0
v12.121.1
v12.121.10
v12.121.11
v12.121.2
v12.121.4
v12.121.5
v12.121.6
v12.121.7
v12.121.8
v12.121.9
v12.122.0
v12.122.1
v12.122.10
v12.122.11
v12.122.12
v12.122.13
v12.122.14
v12.122.15
v12.122.16
v12.122.2
v12.122.3
v12.122.4
v12.122.5
v12.122.6
v12.122.7
v12.122.8
v12.122.9
v12.123.0
v12.123.1
v12.123.2
v12.123.3
v12.123.4
v12.123.5
v12.123.6
v12.123.7
v12.123.8
v12.55.3
v12.55.4
v12.55.5
v12.55.8
v12.55.9
v12.56.0
v12.56.1
v12.56.10
v12.56.11
v12.56.12
v12.56.13
v12.56.14
v12.56.15
v12.56.16
v12.56.18
v12.56.2
v12.56.24
v12.56.25
v12.56.26
v12.56.4
v12.56.6
v12.56.7
v12.56.8
v12.56.9
v12.73.2
v12.84.5
v12.84.6
v12.85.0
v12.85.1
v12.85.2
v12.85.3
v12.85.4
v12.85.7
v12.85.8
v12.85.9
v12.86.0
v12.86.2
v12.87.1
v12.89.12
v12.89.14
v12.89.15
v12.89.16
v12.89.17
v12.89.5
v12.89.6
v12.89.9
v12.90.0
v12.90.1
v12.90.2
v12.90.3
v12.91.0
v12.91.1
v12.91.10
v12.91.12
v12.91.14
v12.91.15
v12.91.2
v12.91.3
v12.91.4
v12.91.5
v12.91.6
v12.91.7
v12.91.8
v12.91.9
v12.92.0
v12.93.0
v12.93.1
v12.93.2
v12.93.3
v12.93.4
v12.93.5
v12.93.6
v12.94.0
v12.94.1
v12.94.2
v12.94.6
v12.95.0
v12.96.0
v12.96.1
v12.96.2
v12.97.0
v12.97.1
v12.98.1
v12.98.2
v12.98.3
v12.99.0
v12.99.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56073.json"