YubiKey Manager GUI on Windows before version 1.2.6 has a vulnerability that could allow an attacker to escalate privileges. Due to a limitation in Windows, it requires administrator privileges to interact with FIDO authenticators. An attacker can exploit this by tricking a user into running the YubiKey Manager GUI with administrator rights.
Source: GBHackers