
Yubico Software Vulnerability Allows Code Injection via DLL Path Flaw

Severity: High (Score: 64.5)

Sources: support.microsoft.com, www.yubico.com, github.com, developers.yubico.com, nvd.nist.gov

Summary

A security vulnerability affecting YubiKey Manager, libfido2, and python-fido2 has been identified that allows attackers to execute injected code on Windows systems. The flaw arises from improper DLL path handling: the affected software loads libraries with LoadLibrary(TEXT('DLL_NAME')), passing a bare file name rather than restricting the load to the System32 directory, so Windows searches the application's own installation directory before System32. If an attacker can place a malicious file in the installation directory of the affected software, they can execute arbitrary code. Yubico has released updated software versions to address this issue: libfido2 1.17.0, python-fido2 2.2.0, and yubikey-manager 5.9.1. The vulnerability has been assigned CVE-2026-40947 and carries a CVSS score of 7.0, indicating a high risk. While Yubico assesses the vulnerability as high risk, MITRE has classified it as low risk with a CVSS score of 2.9. Users are advised to update their software to mitigate the risk. No Yubico hardware is affected by this vulnerability.

Key Points:

  • A DLL path vulnerability allows code execution in YubiKey Manager and related software.
  • Yubico has released patches for affected software versions to close the security gaps.
  • CVE-2026-40947 is rated high risk by Yubico with a CVSS score of 7.0.
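The defender-side check that follows from the summary is to look at what actually sits in the installation directory, since a bare-name LoadLibrary resolves there before System32. The script below is an added example, not Yubico's code: it flags DLL files in an install directory that either share a name with a DLL the application expects from System32 or are absent from the vendor's shipped-file manifest. Every DLL name in it is a constructed placeholder, not the real set loaded by YubiKey Manager, libfido2 or python-fido2.

```python
"""Audit an install directory for DLL search-order hijack candidates.

Added example, not Yubico's code. Windows resolves LoadLibrary("name.dll")
by searching the application's own directory before System32, so a bare-name
load plus a writable install directory is the CVE-2026-40947 pattern. All DLL
names used here are constructed placeholders.
"""
import tempfile
from pathlib import Path


def audit_install_dir(install_dir, system_dll_names, shipped_manifest):
    """Return (filename, reason) pairs for suspicious DLLs in install_dir.

    system_dll_names: lowercase names the app loads by bare name and expects
        from System32 (on a real host, derive from a %SystemRoot%\\System32 listing).
    shipped_manifest: lowercase names of DLLs the vendor installer ships.
    """
    findings = []
    for path in sorted(Path(install_dir).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".dll":
            continue
        name = path.name.lower()
        if name in system_dll_names:
            # Sits ahead of System32 in the default search order: a planted copy.
            findings.append((path.name, "shadows a System32 DLL loaded by bare name"))
        elif name not in shipped_manifest:
            # Unknown DLL next to the executable: may satisfy a bare-name load.
            findings.append((path.name, "not in the vendor's shipped-file manifest"))
    return findings


def demo():
    """Build a constructed install directory in a temp dir and audit it."""
    system_dlls = {"hid.dll", "version.dll"}   # placeholder System32 names
    manifest = {"vendor.dll"}                   # placeholder shipped DLL
    with tempfile.TemporaryDirectory() as tmp:
        for fname in ("app.exe", "vendor.dll", "hid.dll", "extra.dll"):
            Path(tmp, fname).write_bytes(b"MZ")  # constructed stand-in files
        return audit_install_dir(tmp, system_dlls, manifest)


if __name__ == "__main__":
    for fname, reason in demo():
        print(f"{fname}: {reason}")
```

On a real host, point audit_install_dir at the application's install path and build the two name sets from the installer's file list and a System32 directory listing; any finding is worth a Process Monitor trace of the application's DLL loads.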

Key Entities

  • Malware (attack_type)
  • Yubico (company)
  • CVE-2026-40947 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-427 - Uncontrolled Search Path Element (cwe)
  • T1055 - Process Injection (mitre_attack)
  • T1574 - Hijack Execution Flow (mitre_attack)
  • python-fido2 (platform)
  • Windows (platform)
  • Yubico libfido2 (platform)
  • yubikey-manager (platform)
  • Process Monitor (tool)
  • Eucleak (vulnerability)