Authentication Bypass in pam_usb for Linux Affects Removable Media Components
CVE-2026-44711

7.9 HIGH

Key Information:

Vendor: Mcdope

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-44711?

The pam_usb module, which provides hardware authentication for Linux systems via removable media, has a vulnerability that allows an attacker to perform symlink attacks on pad directories and files. This can lead to an authentication bypass, which may allow unauthorized root access, and to file corruption. The issue is addressed in pam_usb version 0.8.7, which mitigates these risks by securing the handling of symlink interactions.

Affected Version(s)

pam_usb < 0.8.7

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
