YubiKey NEO OpenPGP Security Bug

Yubico recently learned of a security issue with the OpenPGP Card applet project that is used in the YubiKey NEO. If you are not using OpenPGP, or have the OpenPGP applet version 1.0.10 or later, this vulnerability does not apply to you.

The OpenPGP Card applet defect was inherited from the open-source software project “javacardopenpgp.” The technical details are available in a security advisory posted on our website. This issue only affects the OpenPGP applet and does not impact the security of the YubiKey or its other functions.

While we continue to believe that the practical impact for the majority of users is not critical, Yubico aspires to exceed expectations related to security incident handling. Therefore, we have developed a policy on replacing affected YubiKey NEOs.

Note that moving usage of an OpenPGP key to a new YubiKey NEO requires that you have saved a backup copy of the private key on the card as there is no way to retrieve the private key from any YubiKey, including the YubiKey NEO. If you did not save a backup copy of the private key when you initially generated the key, you will need to revoke the existing key and create a new key. Therefore, we urge you to consider whether you are truly affected by the security issue before proceeding.

If you are using the YubiKey NEO with the OpenPGP Card applet and want to replace your YubiKey, go to yubi.co/support to log a support ticket. Include the output from ‘gpg –card-status’ on your YubiKey NEO (masking out personal information) together with your order number in the ticket you submit. We will give you a coupon code so you can order a replacement YubiKey NEO.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey