CVE-2026-40947 LOW

CVE-2026-40947

Vendor Yubico
Product libfido2
Weakness CWE-426
Published April 15, 2026
Last update April 16, 2026

CVSS base score

2.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

Key dates

02Disclosure timeline

April 15, 2026 CVE published
April 16, 2026 Record updated