A critical vulnerability in OpenAM, tracked as CVE-2026-45051, allows remote code execution through unsafe Java deserialization in the WebAuthn authentication module. It scores 9.2 on the CVSS scale and affects versions up to 16.0.6. There is no confirmed exploitation and no public proof-of-concept yet, but the flaw poses a significant risk: it lets attackers execute code on the server, potentially compromising all connected services. Users are urged to update to version 16.1.1 and should keep the WebAuthn storage attribute server-managed to prevent exploitation.
Critical OpenAM bug CVE-2026-45051 allows remote code execution
Article by CyberSIXT