A vulnerability categorized as critical has been discovered in go-pkgz auth up to 1.25.1/2.1.1 . This impacts an unknown function. Such manipulation leads to improper authentication. This vulnerability is documented as CVE-2026-42560 . The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.