Skip to main content

HYPR Passwordless EUVDEUVD-2026-39453

| CVE-2026-4522 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-06-25 HYPR GHSA-957m-3336-c6fv
6.7
CVSS 4.0 · Vendor: HYPR
Share

Severity by source

Vendor (HYPR) PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Local vector with scope change because intercepted credentials affect subsequent HYPR-protected systems; PR:L and UI:R map directly from the 4.0 PR:L/UI:P constraints.

3.1 AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (HYPR).

CVSS VectorVendor: HYPR

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Patch available
Jun 25, 2026 - 17:02 EUVD
Analysis Generated
Jun 25, 2026 - 16:27 vuln.today
CVE Published
Jun 25, 2026 - 15:39 cve.org
MEDIUM 6.7

DescriptionCVE.org

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception.

This issue affects HYPR Passwordless: before 11.1.1.

AnalysisAI

Credential interception in HYPR Passwordless on Windows (all versions before 11.1.1) is possible due to a missing authentication check on a critical internal function (CWE-306), allowing a low-privileged local attacker to capture authentication material during an active user session. The CVSS 4.0 vector's SC:H metric confirms the intercepted credentials are usable against downstream systems that HYPR protects, elevating the downstream blast radius beyond the compromised endpoint. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privilege local account on HYPR endpoint
Delivery
Deploy credential interception process
Exploit
Wait for legitimate user HYPR authentication event
Execution
Invoke or observe unauthenticated critical function
Persist
Capture authentication token or credential material
Impact
Replay credentials against HYPR-protected downstream systems

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following: (1) a Windows endpoint with HYPR Passwordless installed at a version earlier than 11.1.1; (2) an existing low-privilege local account on that machine - administrative rights are not required but unauthenticated remote access is not possible (AV:L, PR:L per CVSS 4.0 vector); (3) a legitimate user must be actively performing a HYPR authentication event on the same machine during the attack window (UI:P). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.7 reflects meaningful real-world constraints that moderate the raw risk: the local attack vector (AV:L) requires an existing foothold on the target Windows endpoint, low privileges (PR:L) confirm the attacker need not be an administrator, and passive user interaction (UI:P) creates a timing dependency on a legitimate user actively authenticating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a low-privilege local account on a HYPR-enrolled Windows workstation deploys a lightweight interception process that monitors the unauthenticated internal function. When a legitimate employee initiates their HYPR passwordless login (the required passive user interaction), the attacker's process captures the authentication token or credential material in transit. …
Remediation Upgrade HYPR Passwordless to version 11.1.1 or later, which is the vendor-confirmed fixed release per the advisory at https://www.hypr.com/trust-center/security-advisories. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy