securityonline.info 7/2/2026, 3:02:53 AM · external

Critical OpenAM bug CVE-2026-45051 allows remote code execution

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

A critical vulnerability in OpenAM, identified as CVE-2026-45051, allows remote code execution through unsafe Java deserialization in the WebAuthn authentication module. It scores 9.2 on the CVSS scale and affects versions up to 16.0.6. There has been no confirmed exploitation and no public proof-of-concept yet, but the flaw poses a significant risk because it enables attackers to execute code on the server, potentially compromising all connected services. Users are urged to update to version 16.1.1 to mitigate the risk and should keep the WebAuthn storage attribute server-managed to prevent exploitation.

Article by CyberSIXT