CVE-2026-40947 PUBLISHED

Assigner: mitre
Reserved: 15.04.2026 Published: 15.04.2026 Updated: 16.04.2026

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 2.9

Product Status

Vendor Yubico
Product libfido2
Versions Default: unaffected
  • affected from 0 to 1.17.0 (excl.)
Vendor Yubico
Product python-fido2
Versions Default: unaffected
  • affected from 0 to 2.2.0 (excl.)
Vendor Yubico
Product yubikey-manager
Versions Default: unaffected
  • affected from 0 to 5.9.1 (excl.)

References

Problem Types

  • CWE-426 Untrusted Search Path CWE