CVE-2026-56073

hype LIKELY HACK · 72 hack

Real vuln with patched version identified; no KEV/CVSS yet; early chatter but coherent threat signal.

What: Authentication bypass in Cap-go (versions before 12.128.2) that allows manipulation of OTP verification and circumvention of two-factor authentication, leading to account takeover.

Why it matters: Social chatter identifies a working vulnerability affecting a specific software component with a patched version available (12.128.2). Posts cite vendor-specific version numbers and a concrete attack chain (OTP bypass → 2FA activation → account takeover). There is no KEV listing yet, no CVSS/EPSS scores have been published, and NVD metadata has not been enriched, but multiple independent sources (Vulmon, OffSeq radar) corroborate the finding within hours of disclosure.

Where it's seen: Security digest aggregators, threat intelligence feeds, and vendor-focused advisory channels reporting the Cap-go patch requirement and attack surface.

RISK: HIGH — Concrete account takeover vector; unpatched instances exposed; vendor patch available but adoption pending.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/20/2026, 5:19:31 AM

No NVD details ingested for this CVE yet.