
Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on the pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-27 | Updated 2026-05-28 | Assigner GitHub_M




HIGH: 7.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H)

Problem types

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-287: Improper Authentication

Product status

< 0.8.7: affected

References

github.com/...rg/cli/security/advisories/GHSA-qqq4-5773-pmw5 exploit

github.com/...am_usb/security/advisories/GHSA-fjpm-p9pj-mp34

cve.org (CVE-2026-44711)

nvd.nist.gov (CVE-2026-44711)
