{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53981/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-12T17:24:22.841Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53981","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53981","description":"Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect verification to an attacker-controlled email address and subsequently perform a password reset to permanently take over the victim's account."},"products":[{"@id":"cpe:2.3:a:cap-go:cap-go:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:cap-go:cap-go:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 12.128.2, 6685e5f11adef257bf3d085e481f4d8ebcec602e.","timestamp":"2026-06-12T17:24:22.841Z"}]}