PT-2026-33184 · Yubico+2 · Yubikey-Manager+2
Published
2026-04-15
·
Updated
2026-04-16
·
CVE-2026-40947
CVSS v3.1
2.9
Low
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
libfido2 versions prior to 1.17.0
python-fido2 versions prior to 2.2.0
yubikey-manager versions prior to 5.9.1
Description
These components contain an unintended DLL search path, which can lead to the loading of malicious libraries from unexpected locations.
Recommendations
Update libfido2 to version 1.17.0 or later.
Update python-fido2 to version 2.2.0 or later.
Update yubikey-manager to version 5.9.1 or later.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libfido2
Python-Fido2
Yubikey-Manager