OpenAM WebAuthn Flaw Allows Remote Code Execution via Deserialization
ID: 07be6f0c-384f-5ada-abfa-f9cd67401e03
STIX ID: report--07be6f0c-384f-5ada-abfa-f9cd67401e03
Feed Name: securityonline.info
Threat Score
**CVE-2026-45051 — OpenAM WebAuthn pre-auth RCE (CVSS 9.2):** A critical Java deserialization vulnerability in OpenAM's WebAuthn authenticator storage can allow remote code execution if an attacker can write a storage attribute and reach the WebAuthn flow; affects Community Edition through 16.0.6 and is patched in 16.1.1 — update immediately and ensure the WebAuthn storage attribute is server-managed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
