Tag
A critical deserialization of untrusted data vulnerability, identified as CVE-2026-45051, in OpenAM's WebAuthn authentication module (openam-auth-webauthn) allows for pre-authentication arbitrary code execution (RCE) on the application server if an attacker can first write controlled data to a user's storage attribute, impacting OpenAM Community Edition through version 16.0.6.