Strongkey · Strongkey Fido Server · CVE-2025-26788
Name of the Vulnerable Software and Affected Versions:
StrongKey FIDO Server versions prior to 4.15.1
Description:
The issue arises when the StrongKey FIDO Server treats a non-discoverable (namedcredential) flow as a discoverable transaction. This can potentially lead to security risks. However, specific details about the estimated number of affected devices or real-world incidents where this issue was exploited are not provided.
Recommendations:
For versions prior to 4.15.1, update to version 4.15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the namedcredential flow to minimize the risk of exploitation.