CVE-2026-4522 | Missing authentication for critical function vulnerability i… | CVSS 6.7 MEDIUM

Description

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.

Metadata

CVE ID: CVE-2026-4522
State: PUBLISHED
Assigner: HYPR
Reserved: 2026-03-20 15:46 UTC
Published: 2026-06-25 15:39 UTC
Last updated: 2026-06-25 16:03 UTC
Primary CWE: CWE-306
CWE-306 Missing authentication for critical function
Vendor / Product: HYPR / Passwordless
Sources: cve.org · NVD

Severity & Metrics

6.7 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
HYPR	Passwordless	Windows	0 < 11.1.1

Weakness (CWE)

CWE	Source	Description
CWE-306	cna	CWE-306 Missing authentication for critical function

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.7	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

References (1)

https://www.hypr.com/trust-center/security-advisories