Authenticator

This hub aggregates every CVE we track for Authenticator, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Authenticator.

• CVE-2026-41615Microsoft Authenticator Information Disclosure Vulnerability9.6May 14, 2026
• CVE-2026-33875Authenticator Vulnerable to Authentication Flow Hijack9.3Mar 27, 2026
• CVE-2026-33874Authenticator vulnerable to Remote Code Execution7.8Mar 27, 2026
• CVE-2026-26123Microsoft Authenticator Information Disclosure Vulnerability5.5Mar 10, 2026
• CVE-2025-54154QNAP Authenticator6.8Oct 3, 2025
• CVE-2024-45394Secret encryption vulnerable to brute-force attacks8.8Sep 3, 2024
• CVE-2024-21390Microsoft Authenticator Elevation of Privilege Vulnerability7.1Mar 12, 2024
• CVE-2023-27895Information Disclosure vulnerability in SAP Authenticator for Android6.1Mar 14, 2023
• CVE-2022-3994Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure4.3Jan 2, 2023
• CVE-2022-35290Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.7.5Aug 9, 2022
• CVE-2021-25266An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, a...3.9Apr 27, 2022
• CVE-2012-6140pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictio...1.9Apr 24, 2013