Browse all 3 CVE security advisories affecting Yubico. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yubico specializes in hardware security keys and authentication solutions, primarily focusing on multi-factor authentication to enhance account security. Historically, their products have been associated with vulnerabilities such as cross-site scripting (XSS), remote code execution (RCE), and privilege escalation issues, though these are relatively rare given the nature of their hardware-focused approach. The company maintains a strong emphasis on physical security and open standards, with their YubiKey series being widely adopted for its resistance to phishing and MITM attacks. While no major security incidents have been widely reported, the three CVEs on record highlight potential implementation flaws rather than fundamental design weaknesses in their authentication ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40947 | Yubico多款产品 安全漏洞 — libfido2CWE-426 | 2.9 | Low | 2026-04-15 |
| CVE-2025-29991 | Yubico YubiKey 安全漏洞 — YubiKeyCWE-1390 | 2.2 | Low | 2025-04-03 |
| CVE-2025-23013 | Yubico pam-u2f 安全漏洞 — pam-u2fCWE-394 | 7.8 | - | 2025-01-15 |
This page lists every published CVE security advisory associated with Yubico. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.