CVE-2026-46419
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/05/2026
Last modified:
14/05/2026
Description
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH



