CVE-2026-44711

7.9 HIGH

pam_usb provides hardware authentication for Linux using ordinary removable media

Published: 2026-05-27 · Last updated: 2026-05-28

Severity and scoring

CVSS: 7.9 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
CWE: CWE-287, CWE-59

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-50656 — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ... (7.8 HIGH)
CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
CVE-2026-54230 — A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport (7.0 HIGH)