Home

Description

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

PUBLISHED Reserved 2026-04-15 | Published 2026-04-15 | Updated 2026-04-16 | Assigner mitre




LOW: 2.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-426 Untrusted Search Path

Product status

Default status
unaffected

Any version before 1.17.0
affected

Default status
unaffected

Any version before 2.2.0
affected

Default status
unaffected

Any version before 5.9.1
affected

References

www.yubico.com/support/security-advisories/ysa-2026-01/

cve.org (CVE-2026-40947)

nvd.nist.gov (CVE-2026-40947)

Download JSON