CVE-2025-26788

Name of the Vulnerable Software and Affected Versions: StrongKey FIDO Server versions prior to 4.15.1

Description: The issue arises when the StrongKey FIDO Server treats a non-discoverable (namedcredential) flow as a discoverable transaction. This can potentially lead to security risks. However, specific details about the estimated number of affected devices or real-world incidents where this issue was exploited are not provided.

Recommendations: For versions prior to 4.15.1, update to version 4.15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the namedcredential flow to minimize the risk of exploitation.