{"uuid": "3b4a647f-2321-4b5f-bf1c-5ec5d40ae5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42560", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfkxlaxiz2c", "content": "CRITICAL: go-pkgz auth (1.18.0 \u2013 1.25.1, 2.0.0 \u2013 2.1.1) merges Patreon OAuth users into one account. Patch to 1.25.2/2.1.2 ASAP to prevent cross-user data exposure! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-42560-cwe-287-improper-authentication-in--e3a2d952 #OffSeq #OAuth #Security", "creation_timestamp": "2026-05-09T06:00:31.496066Z"}