Description

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and accepts on host match alone. This makes exact origin policies impossible to express: scheme and port differences are silently ignored. This vulnerability is fixed in 5.2.4.

INFO

Published Date :

2026-03-10T17:16:46.895Z

Last Modified :

2026-03-10T17:57:34.091Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30964 vulnerability.

Vendors Products
Spomky-labs
  • Webauthn-lib
  • Webauthn-symfony-bundle
  • Webauthn Framwork
Web-auth
  • Webauthn-framework
  • Webauthn-lib
  • Webauthn-symfony-bundle
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30964.

URL Resource
https://github.com/web-auth/webauthn-framework/commit/535cc3c2dcbd9c3dfd5e00a254ad4a984e5e7839 cve-icon cve-icon
https://github.com/web-auth/webauthn-framework/commit/b4cd9a4394c35fcac6080fd2f84f4f58a30abc01 cve-icon cve-icon
https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-f7pm-6hr8-7ggm cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact