HIGH
Yubico
CVE published 2026-05-14
CVE-2026-46419
CVE-2026-46419 affects Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 through 2.8.1. The issue is an incorrect check of a function return value in the second-factor flow, which can lead to impersonation. The source data maps this to CWE-253 and rates it CVSS 7.5 (High). Yubico’s advisory and the 2.8.2 release are the supplied remediation references.