CVE-2026-46419

Summary

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

Affected Software

VendorProductVersion RangeStatus
Yubicowebauthn-server-core2.8.0 < 2.8.2affected

Weaknesses

  • CWE-253: CWE-253 Incorrect Check of Function Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References