🔴 CRITICAL: go-pkgz auth (1.18.0 – 1.25.1, 2.0.0 – 2.1.1) has a major Patreon OAuth flaw (CVE-2026-42560) — all users merged as one! Patch to 1.25.2/2.1.2 to prevent cross-account access & data leaks. Details: https://radar.offseq.com/threat/cve-2026-42560-cwe-287-improper-authentication-in--e3a2d952 #OffSeq #CVE202642560 #OAuth #infosec