CVE-2026-46419
Published: 14 May 2026
Summary
CVE-2026-46419 is a high-severity Incorrect Check of Function Return Value (CWE-253) vulnerability in a Yubico product (vendor inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). It ranks at the 3.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30211
Vulnerability details
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Incorrect return value check in WebAuthn 2FA flow enables authentication bypass leading to account impersonation (T1078); server-side library flaw exploitable on public apps (T1190).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.