SUSE CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

EUVD-2026-23135

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

Untrusted Search Path

Overview yubikey-manager is a Library and CLI for managing your YubiKey configuration. Affected versions of this package are vulnerable to Untrusted Search Path due to the unintended search order for dynamic link libraries. An attacker can execute arbitrary code by placing a malicious DLL in a...

aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)

yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

Yubico多款产品 安全漏洞

Libfido2 and others are products open-sourced by Yubico. Libfido2 is a FIDO device communication library. Python-Fido2 is a library for implementing FIDO2 protocol clients and servers. YubiKey-Manager is a configuration management tool for YubiKeys. Several Yubico products have security...

CVE-2026-40947

Affected software components are Yubico libfido2 (before 1.17.0), python-fido2 (before 2.2.0), and yubikey-manager (before 5.9.1). The issue is an unintended DLL search path, as described in CVE-2026-40947. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, with a base score of 2.9 ...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

PT-2026-33184

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

YSA-2026-01 | Yubico

Security updates which resolve a DLL search path vulnerability on Windows are available for three Yubico open source software projects: libfido2, YubiKey Manager, and python-fido2. If an attacker is able to place a malicious file in the directory where the affected software or Python is installed...

Yubico YubiKey Manager < 1.2.6 Privilege Escalation

The version of Yubico YubiKey Manager installed on the remote host is prior to 1.2.6. It is, therefore, affected by a vulnerability. Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as...

CVE-2024-31498

Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator...

OPENSUSE-SU-2024:11538-1 yubikey-manager-4.0.3-1.3 on GA media

These are all security issues fixed in the yubikey-manager-4.0.3-1.3 package on the GA media of openSUSE Tumbleweed...

CVE-2024-31498

Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator...

CVE-2024-31498

Yubico YubiKey Manager GUI (ykman-gui) for Windows is affected by CVE-2024-31498 when running versions prior to 1.2.6. The issue enables privilege escalation because browser windows can be opened as Administrator if Edge is not used, allowing a local attacker to escalate privileges via the GUI. A...

PT-2024-24121 · Yubico +1 · Yubico Ykman-Gui +2

Name of the Vulnerable Software and Affected Versions: Yubico ykman-gui aka YubiKey Manager GUI versions prior to 1.2.6 Description: A privilege escalation issue exists because browser windows can open as Administrator when Edge is not used on Windows systems. This could allow for unexpected...

Security Advisory YSA-2024-01 | Yubico

A security issue has been identified in YubiKey Manager GUI which could lead to unexpected privilege escalation on Windows. If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator which could be exploited by a local...