CVE-2026-46419

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/05/2026
Last modified:
14/05/2026

Description

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.