CVE-2026-40947 Python — Exploit & Vulnerability Details LOW

Parameter	Value
CVSS	2.9 (LOW)
Affected Versions	before 1.17.0
Type	CWE-426
Vendor	Python
Public PoC	No

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-426

References 1

https://www.yubico.com/support/security-advisories/ysa-2026-01/

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40260

Python

6.9

CVE-2026-40192

Python

8.7

CVE-2026-40683

Python

7.7

CVE-2026-5713

Python

5.3

CVE-2026-40288

Python

9.8

Menu

CVE-2026-40947

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-40260

CVE-2026-40192

CVE-2026-40683

CVE-2026-5713

CVE-2026-40288

CVE Details

Editor's Choice

Menu

CVE-2026-40947

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-40260

CVE-2026-40192

CVE-2026-40683

CVE-2026-5713

CVE-2026-40288

CVE Details

Editor's Choice

Stay informed on cybersecurity