Yubico Software May Load Malicious Code

CVE-2026-40947
Summary

Yubico's software for FIDO2 security keys has a flaw that could allow hackers to trick it into running malicious code. This could happen if a user installs a fake version of the software. To stay safe, keep your Yubico software up to date.

Original title
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.
Original description
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.
nvd CVSS3.1 2.9
Vulnerability type
CWE-426 (Untrusted Search Path)
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026