{"uuid": "3a8a0ef5-905c-4506-a69f-1e12ceaf4803", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42560", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116543090116020818", "content": "\ud83d\udd34 CRITICAL: go-pkgz auth (1.18.0 \u2013 1.25.1, 2.0.0 \u2013 2.1.1) has a major Patreon OAuth flaw (CVE-2026-42560) \u2014 all users merged as one! Patch to 1.25.2/2.1.2 to prevent cross-account access & data leaks. Details: https://radar.offseq.com/threat/cve-2026-42560-cwe-287-improper-authentication-in--e3a2d952 #OffSeq #CVE202642560 #OAuth #infosec", "creation_timestamp": "2026-05-09T06:00:30.144489Z"}