This vulnerability compromises the security of passkey-based authentication for user accounts in XenForo. An attacker can exploit the flaw to bypass passkey authentication protections. Successful exploitation can lead to full unauthorized takeover of any user account with a registered passkey.
Remediation
Upgrade XenForo to version 2.3.7 or the latest available stable release immediately. Audit all user account activity for unauthorized access after patching. Enforce secondary authentication for privileged user accounts as a temporary mitigation.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.