JustAppSec
HIGH SeverityCVSS 3.17.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-46419

Last updated May 14, 2026 · Published May 14, 2026

← Back to list

Description

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

Affected products

1 listed
  • Yubico:webauthn-server-core

Mappings

CWE

CWE-253

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.