diff --git a/core/src/apps/common/cbor.py b/core/src/apps/common/cbor.py
index f827950567..352c086e3a 100644
--- a/core/src/apps/common/cbor.py
+++ b/core/src/apps/common/cbor.py
@@ -302,8 +302,9 @@ def encode_chunked(value: Value, max_chunk_size: int) -> Iterator[bytes]:
             yield chunk_buffer
 
 
-def decode(cbor: bytes) -> Value:
+def decode(cbor: bytes, offset: int = 0) -> Value:
     r = utils.BufferReader(cbor)
+    r.seek(offset)
     res = _cbor_decode(r)
     if r.remaining_count():
         raise ValueError
diff --git a/core/src/apps/webauthn/fido2.py b/core/src/apps/webauthn/fido2.py
index fd687e5534..8e64ad0cf1 100644
--- a/core/src/apps/webauthn/fido2.py
+++ b/core/src/apps/webauthn/fido2.py
@@ -1479,7 +1479,7 @@ def cbor_make_credential_process(req: Cmd, dialog_mgr: DialogManager) -> State |
         return cbor_error(req.cid, _ERR_OTHER)
 
     try:
-        param = cbor.decode(req.data[1:])
+        param = cbor.decode(req.data, offset=1)
         rp = param[_MAKECRED_CMD_RP]
         rp_id = rp["id"]
         rp_id_hash = hashlib.sha256(rp_id).digest()
@@ -1657,7 +1657,7 @@ def cbor_get_assertion_process(req: Cmd, dialog_mgr: DialogManager) -> State | C
         return cbor_error(req.cid, _ERR_OTHER)
 
     try:
-        param = cbor.decode(req.data[1:])
+        param = cbor.decode(req.data, offset=1)
         rp_id = param[_GETASSERT_CMD_RP_ID]
         rp_id_hash = hashlib.sha256(rp_id).digest()
 
@@ -1879,7 +1879,7 @@ def cbor_get_info(req: Cmd) -> Cmd:
 
 def cbor_client_pin(req: Cmd) -> Cmd:
     try:
-        param = cbor.decode(req.data[1:])
+        param = cbor.decode(req.data, offset=1)
         pin_protocol = param[_CLIENTPIN_CMD_PIN_PROTOCOL]
         subcommand = param[_CLIENTPIN_CMD_SUBCOMMAND]
     except Exception: