Vendor
medium
advisory
CVE-2026-56081: Cap-go Authentication Logic Flaw Leading to Account Takeover
2 rules 2 TTPsAn authentication logic flaw in Cap-go versions prior to 12.128.2 allows attackers to register an account with a victim's unverified email address, then enable two-factor authentication on this pre-registered account to gain full control, read/modify data, enforce organization-level policies, and deny the legitimate user access.
Cap-go < 12.128.2
account-takeover
authentication-bypass
web-application
logic-flaw
cloud
2r
2t
high
advisory
CVE-2026-56073: Cap-go OTP Verification Authentication Bypass
2 rules 2 TTPsCap-go versions prior to 12.128.2 are susceptible to an authentication bypass vulnerability (CVE-2026-56073) in OTP verification that allows attackers to manipulate server responses to falsely mark verification successful, leading to unauthorized 2FA enablement and subsequent account takeover.
Cap-go
authentication-bypass
web-application
vulnerability
account-takeover
cve
network-attack
2r
2t