CVE-2026-44711

high

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

References

https://github.com/mcdope/pam_usb/security/advisories/GHSA-fjpm-p9pj-mp34

Details

Source: Mitre, NVD

Published: 2026-05-27

Updated: 2026-05-27

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.9

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Severity: High

Detections

Analytics