Security Advisories - web-auth/webauthn-framework - Packagist.org

web-auth/webauthn-framework Security Advisories for 5.2.1 (1)

[MEDIUM] Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation

PKSA-1sct-n8q3-hf7r CVE-2026-30964 GHSA-f7pm-6hr8-7ggm

Affected version: >=5.2.0,<5.2.4

Reported by:
GitHub