cvedb.io
CVE-2026-30964
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2026-03-10T18:18:55.410 · Last modified 2026-06-17T10:33:14.180

Summary

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and accepts on host match alone. This makes exact origin policies impossible to express: scheme and port differences are silently ignored. This vulnerability is fixed in 5.2.4.

Affected products

spomky-labs — webauthn-lib

Does this affect you?

Add your gear to cvedb and we'll alert you only when spomky-labs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.