All incidents

Cloud: DUO authentication issue with Chrome browser extension in Passbolt 5.7

Incident summary

On the release of Passbolt Cloud 5.7, an issue was introduced that prevented some users from completing authentication when using DUO as a second factor via the Chrome browser extension. The issue affected only existing Passbolt Cloud users relying on DUO for authentication.

Impact

The impact is limited to the inability for affected users to authenticate using DUO until a fix is deployed.

Timeline

  • January 3rd, 2026 – Passbolt Cloud API v5.7 was released, introducing a problematic CSP change.
  • January 5th, 2026 @ 08:34 – Issue reported by users on support.
  • January 5th, 2026 @ 11:18 – Fix deployed in production.

Root cause

The issue was caused by the introduction of stricter Content Security Policy (CSP) rules in version 5.7, which unintentionally interfered with the DUO authentication flow used by the browser extension.

Next steps

To reduce the risk of similar incidents in the future, we are taking the following actions:

  • Extend the patch versions smoke test suite to include DUO multi-factor authentication flows.

Thank you for your patience and understanding. We apologize for the inconvenience this may have caused.

Flag of European UnionMade in Europe. Privacy by default.